
Infected computer, please help, posting log

fdlb
Visitor
Posts: 3
Registered: 13 Sep 2016 00:20

#1 Post by fdlb »

Hi, I have a problem with my PC. It looks like a lot of applications got uninstalled, including MS Office, and I don't really know what is going on. I used several programs and removed a lot of infected files. Please advise, thanks...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Barbora (administrator) on BARU (13-09-2016 11:45:10)
Running from C:\Users\Barbora\Downloads
Loaded Profiles: Barbora (Available Profiles: Barbora)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\InterHop\InterHop.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Eastmy\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-13] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\Run: [BingSvc] => C:\Users\Barbora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\Run: [uTorrent] => C:\Users\Barbora\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-16] (BitTorrent Inc.)
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\Run: [Google Update] => "C:\Users\Barbora\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\Run: [GoogleChromeAutoLaunch_928FCB95306D02D4B4A10AF2047078EB] => C:\Program Files (x86)\Eastmy\Application\chrome.exe [1384024 2016-09-12] (Google Inc.)
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\RunOnce: [Uninstall C:\Users\Barbora\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Barbora\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\MountPoints2: {79d0d6e0-4fd7-11e5-8267-5ce0c5691779} - "E:\Autorun.exe"
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\MountPoints2: {79d0d6fc-4fd7-11e5-8267-5ce0c5691779} - "E:\Autorun.exe"
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\MountPoints2: {79d0d7d9-4fd7-11e5-8267-5ce0c5691779} - "E:\Autorun.exe"
HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\...\MountPoints2: {79d0d7f5-4fd7-11e5-8267-5ce0c5691779} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-13] (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{FD78FB2F-1252-4853-B024-F332C49C4814}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-3526400621-2120930496-3531933072-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-13] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-13] (AVAST Software)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL No File

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]
FF Plugin HKU\S-1-5-21-3526400621-2120930496-3531933072-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Barbora\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3526400621-2120930496-3531933072-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Barbora\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3526400621-2120930496-3531933072-1001: google.com/WidevineMediaOptimizer -> C:\Users\Barbora\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll [2014-06-09] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-13]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HKU\S-1-5-21-3526400621-2120930496-3531933072-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-09-13] (AVAST Software)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2015-02-03] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [371640 2015-12-29] (Intel Corporation)
R2 InterHop; C:\Program Files (x86)\InterHop\InterHop.exe [325352 2016-09-12] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [X]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [X]
S2 Asus WebStorage Windows Service; "C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe" [X]
S2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [X]
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 EvtEng; "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [X]
S3 Intel(R) Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X]
S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe" [X]
S3 MyWiFiDHCPDNS; "C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe" [X]
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 PDF Architect 4; "C:\Program Files\PDF Architect 4\ws.exe" [X]
S3 PDF Architect 4 CrashHandler; "C:\Program Files\PDF Architect 4\crash-handler-ws.exe" [X]
S2 PDF Architect 4 Creator; "C:\Program Files\PDF Architect 4\creator-ws.exe" [X]
S2 RegSrvc; "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" [X]
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
S2 ZeroConfigService; "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-13] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-09-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-13] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2015-03-18] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [41824 2015-02-03] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2015-02-03] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216904 2015-02-03] (Intel Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-09-13] ()
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [231152 2014-12-12] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-10-16] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3495704 2015-03-02] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [X]
S1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 11:45 - 2016-09-13 11:45 - 00017064 _____ C:\Users\Barbora\Downloads\FRST.txt
2016-09-13 11:45 - 2016-09-13 11:45 - 00000000 ____D C:\FRST
2016-09-13 11:44 - 2016-09-13 11:44 - 02398720 _____ (Farbar) C:\Users\Barbora\Downloads\FRST64.exe
2016-09-13 11:36 - 2016-09-13 11:36 - 00001095 _____ C:\DelFix.txt
2016-09-13 11:04 - 2016-09-13 10:46 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-09-13 10:37 - 2016-09-13 10:37 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-09-13 10:36 - 2016-09-13 10:36 - 00016366 _____ C:\Windows\system32\.crusader
2016-09-13 10:26 - 2016-09-13 10:29 - 11572656 _____ (SurfRight B.V.) C:\Users\Barbora\Downloads\HitmanPro_x64.exe
2016-09-13 02:46 - 2016-09-13 10:17 - 00000000 ____D C:\KVRT_Data
2016-09-13 02:45 - 2016-09-13 02:46 - 104183184 _____ (Kaspersky Lab ZAO) C:\Users\Barbora\Downloads\KVRT.exe
2016-09-13 02:21 - 2016-09-13 02:21 - 00453192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-09-13 02:21 - 2016-09-13 02:21 - 00001900 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-09-13 02:21 - 2016-09-13 00:50 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-13 02:08 - 2016-09-13 02:08 - 03826240 _____ C:\Users\Barbora\Downloads\Nepotvrzeno 18957.crdownload
2016-09-13 02:07 - 2016-09-13 11:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-13 02:06 - 2016-09-13 02:06 - 00001080 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-13 02:06 - 2016-09-13 02:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-13 02:06 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-13 02:06 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-13 02:06 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-13 02:04 - 2016-09-13 02:04 - 22851472 _____ (Malwarebytes ) C:\Users\Barbora\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-09-13 02:03 - 2016-09-13 02:04 - 22851472 _____ (Malwarebytes ) C:\Users\Barbora\Downloads\Nepotvrzeno 608916.crdownload
2016-09-13 00:50 - 2016-09-13 00:50 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-09-13 00:50 - 2016-09-13 00:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-13 00:09 - 2016-09-13 00:09 - 00000000 ____D C:\Users\Barbora\AppData\Local\CEF
2016-09-12 23:42 - 2016-09-12 23:42 - 00000000 ____D C:\Users\Barbora\AppData\Local\Microsoft Help
2016-09-12 17:45 - 2016-09-12 17:45 - 00000000 ____D C:\Users\Barbora\AppData\Local\Eastmy
2016-09-12 17:44 - 2016-09-12 17:44 - 00003552 _____ C:\Windows\System32\Tasks\EastmyUpdateTaskMachineCore
2016-09-12 17:44 - 2016-09-12 17:44 - 00003462 _____ C:\Windows\System32\Tasks\EastmyUpdateTaskMachineUA
2016-09-12 17:44 - 2016-09-12 17:44 - 00000000 ____D C:\Program Files (x86)\Eastmy
2016-09-12 17:43 - 2016-09-13 10:19 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-09-12 17:43 - 2016-09-12 17:43 - 00000000 ____D C:\Program Files (x86)\InterHop
2016-09-12 13:54 - 2016-09-12 13:54 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688110484.html
2016-09-12 13:54 - 2016-09-12 13:54 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688110281.html
2016-09-12 13:54 - 2016-09-12 13:54 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688107796.html
2016-09-12 13:54 - 2016-09-12 13:54 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688107531.html
2016-09-12 13:54 - 2016-09-12 13:54 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688105937.html
2016-09-12 13:54 - 2016-09-12 13:54 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688105531.html
2016-09-12 13:54 - 2016-09-12 13:54 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688104078.html
2016-09-12 13:51 - 2016-09-12 13:51 - 00000003 _____ C:\Windows\SysWOW64\en_-1688290531.html
2016-09-12 13:51 - 2016-09-12 13:51 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688289781.html
2016-09-12 13:51 - 2016-09-12 13:51 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688288375.html
2016-09-12 13:51 - 2016-09-12 13:51 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688288218.html
2016-09-12 13:51 - 2016-09-12 13:51 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688281875.html
2016-09-12 13:51 - 2016-09-12 13:51 - 00000003 _____ C:\Windows\SysWOW64\EN_-1688281484.html
2016-09-02 00:35 - 2016-09-02 00:35 - 00000001 _____ C:\Windows\SysWOW64\en.html
2016-09-01 09:50 - 2016-09-12 08:59 - 00000000 ____D C:\Users\Barbora\Downloads\VA - Suicide Squad The Album
2016-09-01 09:32 - 2016-09-01 09:42 - 125880816 _____ C:\Users\Barbora\Downloads\VA---Suicide-Squad-The-Album.rar
2016-08-30 22:02 - 2016-08-30 22:02 - 00000000 ____D C:\Users\Barbora\Desktop\Nová složka (2)
2016-08-30 08:53 - 2016-08-30 08:54 - 00000000 ____D C:\Users\Barbora\Downloads\The Roots - ...And Then You Shoot Your Cousin (2014) [320] by vinnie
2016-08-30 08:43 - 2016-08-30 08:48 - 81329816 _____ C:\Users\Barbora\Downloads\The-Roots---...And-Then-You-Shoot-Your-Cousin-(2014)-[320]-by-vinnie.rar
2016-08-26 08:39 - 2016-09-12 08:57 - 00000000 ____D C:\Users\Barbora\Downloads\SUICIDE SQUAD-SOUNDTRACK '16
2016-08-26 08:26 - 2016-08-26 08:26 - 00003230 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 08:24 - 2016-08-26 08:36 - 115873668 _____ C:\Users\Barbora\Downloads\SUICIDE-SQUAD-SOUNDTRACK--'16.rar
2016-08-24 18:26 - 2016-08-24 19:07 - 726756380 _____ C:\Users\Barbora\Downloads\starsky-a-hutch-cz-komedie-2004.avi
2016-08-24 13:04 - 2016-08-24 13:04 - 00000003 _____ C:\Windows\SysWOW64\EN_962243750.html
2016-08-24 13:04 - 2016-08-24 13:04 - 00000003 _____ C:\Windows\SysWOW64\EN_962242015.html
2016-08-24 13:04 - 2016-08-24 13:04 - 00000003 _____ C:\Windows\SysWOW64\EN_962241875.html
2016-08-24 13:04 - 2016-08-24 13:04 - 00000003 _____ C:\Windows\SysWOW64\EN_962240250.html
2016-08-24 13:04 - 2016-08-24 13:04 - 00000003 _____ C:\Windows\SysWOW64\EN_962240125.html
2016-08-24 13:04 - 2016-08-24 13:04 - 00000003 _____ C:\Windows\SysWOW64\EN_962238890.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962208765.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962208640.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962204406.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962204281.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962202234.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962201796.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962191437.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962191312.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\EN_962183578.html
2016-08-24 13:03 - 2016-08-24 13:03 - 00000003 _____ C:\Windows\SysWOW64\en_962183328.html
2016-08-16 19:54 - 2016-08-16 21:16 - 1469326416 _____ C:\Users\Barbora\Downloads\Legenda-o-Tarzanovi-(The.Legend.of.Tarzan.)-2016.HC.HD-720p.-Dobrodružný,-Akční,.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 11:38 - 2016-04-15 10:57 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-13 11:29 - 2015-09-07 19:59 - 00000980 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3526400621-2120930496-3531933072-1001UA.job
2016-09-13 11:23 - 2015-07-27 14:28 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3526400621-2120930496-3531933072-1001
2016-09-13 11:10 - 2015-07-27 14:34 - 00000000 ____D C:\Users\Barbora\AppData\Local\Google
2016-09-13 11:10 - 2015-07-27 14:27 - 00000000 ___DO C:\Users\Barbora\OneDrive
2016-09-13 11:10 - 2015-07-27 14:23 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-13 11:10 - 2015-07-27 14:23 - 00000000 __SHD C:\Users\Barbora\IntelGraphicsProfiles
2016-09-13 11:09 - 2014-10-21 13:24 - 00741360 _____ C:\Windows\system32\perfh005.dat
2016-09-13 11:09 - 2014-10-21 13:24 - 00152030 _____ C:\Windows\system32\perfc005.dat
2016-09-13 11:09 - 2014-03-18 17:26 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-13 11:09 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-09-13 11:05 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-13 11:02 - 2015-07-27 14:22 - 00000000 ____D C:\Users\Barbora
2016-09-13 10:29 - 2015-09-07 19:59 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3526400621-2120930496-3531933072-1001Core.job
2016-09-13 10:18 - 2016-06-24 14:30 - 00000000 ____D C:\Windows\SysWOW64\_TSpm
2016-09-13 06:37 - 2015-07-27 14:30 - 00003818 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0DE4CDF7-5C55-4413-9CAF-A0495D5A181D}
2016-09-13 02:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\WinStore
2016-09-13 02:21 - 2016-07-17 02:13 - 00003882 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468714389
2016-09-13 02:21 - 2015-10-26 14:23 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-13 02:17 - 2016-03-29 12:17 - 00000000 ____D C:\Windows\system32\log
2016-09-13 00:50 - 2016-07-12 02:32 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-09-13 00:50 - 2015-10-26 14:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-09-13 00:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2016-09-13 00:40 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-13 00:30 - 2015-08-08 21:52 - 00000000 ____D C:\Users\Barbora\AppData\Roaming\uTorrent
2016-09-13 00:30 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-13 00:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\registration
2016-09-12 23:41 - 2015-07-27 14:23 - 00000000 ____D C:\Users\Barbora\AppData\Local\Packages
2016-09-12 23:40 - 2015-08-04 09:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-12 23:40 - 2015-07-28 16:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-12 23:40 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-12 23:12 - 2016-05-19 10:26 - 00021608 _____ C:\Users\Public\Documents\report.dat
2016-09-12 23:12 - 2015-07-28 13:49 - 10527744 ___SH C:\Users\Barbora\Desktop\Thumbs.db
2016-09-12 23:04 - 2015-07-27 14:23 - 00000125 _____ C:\Users\Barbora\AppData\Roaming\sp_data.sys
2016-09-12 17:44 - 2016-04-11 12:14 - 00002281 _____ C:\Users\Barbora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-12 13:53 - 2015-12-25 19:59 - 00000000 ____D C:\Users\Barbora\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2016-09-12 13:53 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-12 13:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-12 13:51 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2016-09-12 12:00 - 2015-07-27 14:29 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-09-12 12:00 - 2015-07-27 14:29 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-09-12 08:40 - 2015-07-27 14:29 - 00000000 ____D C:\Users\Barbora\AppData\Roaming\Skype
2016-09-11 22:08 - 2016-05-06 22:13 - 00000000 ____D C:\Users\Barbora\Desktop\fiží banka
2016-09-09 23:50 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-06 10:12 - 2016-08-10 17:06 - 00000000 ____D C:\Users\Barbora\AppData\Roaming\setup1
2016-09-03 17:04 - 2015-07-27 14:29 - 00003912 _____ C:\Windows\System32\Tasks\Update Checker
2016-08-26 14:02 - 2016-07-26 12:40 - 00000000 _____ C:\Users\Public\Documents\report1.dat
2016-08-26 08:26 - 2016-04-28 07:15 - 00002370 _____ C:\Users\Barbora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2016-08-26 08:26 - 2015-07-28 16:17 - 00003176 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3526400621-2120930496-3531933072-1001
2016-08-17 22:52 - 2016-06-16 22:36 - 00000000 ____D C:\Users\Barbora\AppData\Roaming\vlc
2016-08-17 19:58 - 2015-08-05 16:02 - 01489408 ___SH C:\Users\Barbora\Downloads\Thumbs.db
2016-08-16 19:38 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-08-14 00:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2015-07-27 14:23 - 2016-09-12 23:04 - 0000125 _____ () C:\Users\Barbora\AppData\Roaming\sp_data.sys

Files to move or delete:
====================
C:\Users\Barbora\OutlookExtract.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-08 22:07

==================== End of FRST.txt ============================

JaRon
Moderator
Posts: 15797
Registered: 29 Mar 2005 13:39
Location: BB-SK

#2 Post by JaRon »

hi,
well, you disinfected it indiscriminately, and now I don't know what you expect from the forum...
- I recommend cleaning the PC with CCleaner, mainly the registry
- the applications that you or the virus wiped out will need to be installed again

#3 Post by fdlb »

I'm a complete layman, so anything helps. What I have done so far is follow this procedure:
http://tharifas.sweb.cz/jak_odvirovat_pocitac.html

I don't know what all can be read from the log, and I don't know whether there are other infections on the PC or whether it is enough to clean the registry, as you say, install the missing apps and carry on happily.


#4 Post by JaRon »

next time, post the log on this forum right after the infection...
do what I wrote and finally rescan the PC with MBAM

#5 Post by fdlb »

MBAM detects 0... so OK? I'll install what I'm missing, and thanks for the help. Next time I'll be smarter.


#6 Post by JaRon »

glad to help :)