Malware and a partially non-functional Chrome

zajic22
Visitor
Posts: 9
Registered: 12 Jan 2017 23:05

#1 Post by zajic22 »

Good evening, I would like to ask you for a favor - yesterday I downloaded a movie, and it came with a codec that was supposed to be installed so that the movie could be played. After I clicked it, programs started installing on their own. It ended up with ads constantly popping up here that cover all other programs. Chrome works, but some pages cannot be used with it (so far only youtube and google), and occasionally a new tab opens by itself and loads some advertising page. I tried Avast and ESET, but unfortunately neither helped. It seems to me that only the frequency of the pop-up ads has decreased; otherwise everything is the same.

I would be very grateful for any advice or help, because I have absolutely no idea about these things. Thank you in advance and have a nice rest of the evening.

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware and a partially non-functional Chrome

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

zajic22
Visitor
Posts: 9
Registered: 12 Jan 2017 23:05

Re: Malware and a partially non-functional Chrome

#3 Post by zajic22 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Jiří Zajíček (13-01-2017 18:08:38)
Running from C:\Users\Jiři Zajíček\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-27 01:58:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2412516691-3949005397-3537030179-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2412516691-3949005397-3537030179-503 - Limited - Disabled)
Guest (S-1-5-21-2412516691-3949005397-3537030179-501 - Limited - Disabled)
Jiří Zajíček (S-1-5-21-2412516691-3949005397-3537030179-1001 - Administrator - Enabled) => C:\Users\Jiři Zajíček

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.386.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.386.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.05.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.42 - ICEpower a/s)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
calibre (HKLM-x32\...\{E82D98B9-8C5F-4B55-99B9-B1DA5DD7D3FF}) (Version: 2.70.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
ESET Smart Security (HKLM\...\{E483B847-824D-4659-A760-0AC8FE24055E}) (Version: 10.0.386.1 - ESET, spol. s r.o.)
Foxit PhantomPDF (HKLM-x32\...\{045A0488-55C1-45B1-9992-4B4134904D61}) (Version: 7.0.59.127 - Foxit Software Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.11.110.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.474.2 - McAfee, Inc.)
Microsoft Office 2013 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 15.0.4885.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA Graphics Driver 345.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{4C6314F6-2DE8-4354-856A-787679AEF407}) (Version: 1.15.0 - Microleaves) <==== ATTENTION
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenAL 1.1 Core PC SDK (ver 3.05) (HKLM-x32\...\InstallShield_{1C10D0D6-AF1A-48B8-9BF7-52A2BB014E0C}) (Version: 3.05 - Creative Labs)
OpenAL 1.1 Core PC SDK (ver 3.05) (x32 Version: 3.05 - Creative Labs) Hidden
Ovládací panel NVIDIA 369.09 (Version: 369.09 - NVIDIA Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Pro Evolution Soccer 2016 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNg==_is1) (Version: 1 - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.332 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7417 - Realtek Semiconductor Corp.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Walking Dead A New Frontier Episode 1 (HKLM-x32\...\The Walking Dead A New Frontier Episode 1_is1) (Version: - )
The Walking Dead A New Frontier Episode 2 (HKLM-x32\...\The Walking Dead A New Frontier Episode 2_is1) (Version: - )
Traffic Exchange (x32 Version: 1.15.0 - Microleaves) Hidden <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0072A024-7F31-4681-A8FF-9592951A1D64} - System32\Tasks\UncheckitTaskMN => C:\Program Files (x86)\Uncheckit\cktSvc.exe <==== ATTENTION
Task: {06B36CB0-CF4C-454B-ABAA-B46368DD731A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {170ACB8D-766E-4BE7-8BF1-5912176116BF} - System32\Tasks\Online Application => C:\Program Files (x86)\Online Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD)
Task: {1857814D-3E66-46A8-8DA3-D02F4293DB36} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {185A6A0E-4C96-47AC-A68E-B40AB613D032} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Online Application\Online-Guardian-v2.exe [2017-01-03] (Microleaves LTD)
Task: {237F50CB-7286-4990-93FB-2D4AD56581FB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-26] (Realtek Semiconductor)
Task: {2C5BDBE8-A277-4C54-B49D-81B622B60E3A} - System32\Tasks\UncheckitUpdateTaskC => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe <==== ATTENTION
Task: {339F83F6-61CB-4B96-B63E-0821587BA96D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35AB9822-D3EE-42B9-806C-81500FB4121F} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {3B95CC17-03FF-4D07-9EBD-F1293D6D9D17} - System32\Tasks\Traffic Exchange v2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe [2017-01-03] (Microleaves LTD) <==== ATTENTION
Task: {3E921AFE-E9F8-4F11-971F-06F7528BA37E} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe
Task: {3F2EAAEF-0B25-455D-98E7-4978D4C89C6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3F4C1602-0FFF-441A-A1EE-3EB48CADC91B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49FDDF9B-F10F-4560-A18E-9DEE9B355044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-14] (Google Inc.)
Task: {52FCD72F-A214-4C6A-BE94-34EBFDE28DDA} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Online Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD)
Task: {5817B728-2898-444B-8888-94E09D749E85} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6445E2A1-050B-4106-9987-9E6A121AA372} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {661383F3-7B85-4AFE-AD57-2F687C8AC90B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {68B6B4C8-3F99-404F-B214-74A13B44EA7B} - System32\Tasks\SteamClient => C:\Users\Jiři Zajíček\AppData\Roaming\Steam\SteamHelper.exe <==== ATTENTION
Task: {6DA30928-130F-473E-8776-AD799C09F6DD} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe
Task: {6DE9F26E-1912-4E3C-BBDD-2D9FD9089BDA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7179BFF9-133A-45D5-A2A1-E0966F77339B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {74D83754-C252-4DE6-9A53-64333D5DBFE5} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
Task: {773F3852-D563-497B-8841-835AA09E40DA} - System32\Tasks\836898v6a201h23 => Rundll32.exe "C:\ProgramData\836898v6a201h23\836898v6a201h23.dll",bgozrak <==== ATTENTION
Task: {7F2804B6-7FD4-4662-B8B7-36343909C5C4} - System32\Tasks\vreXjvXBrowserUpdateCore => C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe <==== ATTENTION
Task: {80728216-07B4-47DB-80DC-E0986C497AF5} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Online Application\Online-Guardian-v2.exe [2017-01-03] (Microleaves LTD)
Task: {8FD88945-D5F4-417B-9744-9CC830EE37ED} - System32\Tasks\vreXjvXCheckTask => C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe <==== ATTENTION
Task: {90469C48-0FE7-496B-8794-C84A8C95B06F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {936648A0-AF2F-4566-B2C6-78892453E507} - System32\Tasks\Traffic Exchange v2 Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe [2017-01-03] (Microleaves LTD) <==== ATTENTION
Task: {95933F04-DD8D-4970-A2B3-84FB783AB0BF} - System32\Tasks\vreXjvXBrowserUpdateUA => C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe <==== ATTENTION
Task: {967FD513-1BC7-4128-B452-19F926929604} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-01-10] (Microleaves) <==== ATTENTION
Task: {96FE366A-C936-4E8B-B5D9-26611AD115D2} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {9D51FDA1-4110-4048-ADAB-D90106827075} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {9F91D505-F10A-4644-BEC0-EAA1B81A88F1} - System32\Tasks\UncheckitUpdateTaskDB => C:\Program Files (x86)\Uncheckit\UncheckitUpdate.exe <==== ATTENTION
Task: {A3B57E17-B0E3-47BE-8DEF-0154C96D4EED} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A46D0B17-0223-43D5-8904-58BB479F41CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-14] (Google Inc.)
Task: {A57B1AD0-82FD-4F0A-AB99-5ECAF4ECE89A} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AAAC0D5A-78F1-405B-9C4D-0A9E804050D8} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Online Application\Online-Guardian-v2.exe [2017-01-03] (Microleaves LTD)
Task: {AFAE7F88-B5E0-41EC-89FD-F9F4686F3E8E} - System32\Tasks\Traffic Exchange v2 Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe [2017-01-03] (Microleaves LTD) <==== ATTENTION
Task: {B494CA0E-E78E-4E4A-8529-669669A43ACD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {B77C1439-E88C-4B84-B1B0-6E7A5918114C} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {BEDA90E5-B653-462E-AA72-07B54DC92738} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C03A3EB4-85B4-4F46-8576-F2F128EA5A31} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C25EB647-FFCE-4A1B-95DB-C2F721E50B32} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Online Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD)
Task: {C318B8CD-3417-4093-B0D8-887E6682BF74} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\DD566D4F749EB71655048D862CC218B2\Update\BrowserUpdate.exe <==== ATTENTION
Task: {C40657D0-B10A-4BAD-BB39-B340785E47A3} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== ATTENTION
Task: {CAE3C7D5-5EB7-444E-A21D-295569A44E04} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CB3A0509-14BC-4ACF-966F-D4B1EB7BF4C9} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Online Application\Online Application Updater.exe [2017-01-10] (Microleaves)
Task: {D5BD8B5A-86B2-42F2-BF44-178DB176D1F2} - System32\Tasks\Driver Booster SkipUAC (Jiří Zajíček) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {D66BABBA-A1BE-4C97-BF8D-B472FA70FF8D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Jiři Zajíček\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {D949D961-56D6-43A7-A1F8-DA7A6A8100A1} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Task: {DB04DF33-6848-4C7E-872D-105070E3767D} - System32\Tasks\Nimeckreelule Log => C:\Program Files (x86)\Nimeckreelule\Nmclogtask.exe <==== ATTENTION
Task: {DE402BBC-823B-4093-8441-BF1E398BC2D9} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {E2F5EBB5-6E11-4D16-86B7-27DC931831A2} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {E39077DD-1F00-472C-84A6-C5FB70B3A948} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E45918C4-DCA7-4322-ADC5-550ECBDA9F4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 Guard.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 Guardian.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Jiři Zajíček\Desktop\Hry\Lеaguе of Legends.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.rehcnual.lol.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrome.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Ехplоrer.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Ехрlоrеr Вrowser.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Chromе.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Chrоme (2).lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Chrоmе (3).lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diаblо III.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.rehcnual iii olbaid.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Gооgle Chrоme.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\53cc32c2751104df\Сupblue.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\DАEМОN Тools Lite.lnk -> C:\Users\Jiři Zajíček\AppData\Roaming\Browsers\exe.rehcnualtd.bat (No File) <===== Cyrillic

ShortcutWithArgument: C:\Users\Jiři Zajíček\AppData\Local\vreXjvX\User Data\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:13 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-27 02:33 - 2016-08-01 13:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-23 21:00 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-12-13 20:13 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-10 12:30 - 2017-01-10 12:30 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
2016-03-16 18:06 - 2016-03-16 18:06 - 46344704 _____ () C:\Program Files (x86)\ContentPush\app\bin\nw.exe
2016-09-27 03:24 - 2016-09-27 03:24 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 18:38 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 18:38 - 2016-12-21 08:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 18:37 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 18:37 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 18:37 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 18:37 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 18:37 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 05:15 - 2016-12-14 05:16 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 05:15 - 2016-12-14 05:16 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 05:15 - 2016-12-14 05:16 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 05:15 - 2016-12-14 05:16 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-23 15:33 - 2016-11-23 15:34 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 15:33 - 2016-11-23 15:34 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 04:43 - 2016-06-03 04:43 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 15:33 - 2016-11-23 15:34 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 15:33 - 2016-11-23 15:34 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-01-10 12:30 - 2017-01-10 12:30 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
2017-01-11 12:09 - 2017-01-03 03:49 - 00324336 _____ () c:\users\jiři zajíček\appdata\local\safisvc\safisvc.dll
2017-01-11 12:09 - 2016-12-21 02:13 - 00261360 _____ () c:\users\jiři zajíček\appdata\local\safisvc\updater\checkupdate.dll
2017-01-11 12:09 - 2016-10-25 04:33 - 00166128 _____ () c:\users\jiři zajíček\appdata\local\safisvc\substat.dll
2017-01-11 12:09 - 2016-12-20 05:38 - 01778928 _____ () c:\users\jiři zajíček\appdata\local\safisvc\softconfig.dll
2016-03-16 18:06 - 2016-03-16 18:06 - 01481728 _____ () C:\Program Files (x86)\ContentPush\app\bin\libglesv2.dll
2016-03-16 18:06 - 2016-03-16 18:06 - 00073728 _____ () C:\Program Files (x86)\ContentPush\app\bin\libegl.dll
2016-03-16 18:05 - 2016-03-16 18:05 - 01681224 _____ () C:\Program Files (x86)\ContentPush\app\bin\ffmpegsumo.dll
2017-01-11 12:26 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-11 12:26 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-10 12:44 - 00003887 ____A C:\WINDOWS\system32\Drivers\etc\hosts


There are 57 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jiři Zajíček\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\StartupApproved\Run: => "svchost0"
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{81AA39E4-5531-4401-996F-13478D43467C}] => C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe
FirewallRules: [{52AE9E0C-92F8-43DF-BCFE-84335F6BFEBF}] => C:\Program Files (x86)\vreXjvX\vreXjvX\chrome.exe
FirewallRules: [UDP Query User{DC5DDDE2-8837-4E6F-8596-A1DA21DDBCEF}D:\hry\pro evolution soccer 2016\pes2016.exe] => D:\hry\pro evolution soccer 2016\pes2016.exe
FirewallRules: [TCP Query User{5ED7B361-12FF-4360-A4AE-A94906CB7036}D:\hry\pro evolution soccer 2016\pes2016.exe] => D:\hry\pro evolution soccer 2016\pes2016.exe
FirewallRules: [{C7590B6B-C771-45AB-990D-168D0282A60D}] => C:\ProgramData\vreXjvX\protect\protect.exe
FirewallRules: [{673D7D7A-82A2-42C1-80E4-781275878A6B}] => C:\Program Files (x86)\Cupblue\Update\CupblueUpdate.exe
FirewallRules: [{9FF28AA5-8828-48D9-A89B-9DEDF7C73A7D}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C57E1837-D7F5-4C48-B365-D8095AA55984}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5B3EE59C-5FC4-4918-A909-BB288214DD35}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3D38BE97-9547-43B2-A274-E329C0B2C87D}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{06B3C824-3394-4657-9B39-59E7DA5F92E5}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{544AB245-2188-46E9-9233-0C95A40D6C14}] => C:\Users\Jiři Zajíček\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{5B527754-E950-4D2E-BA82-57F7BEF55B72}D:\programy\utorrent\utorrent.exe] => D:\programy\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8AB84DFC-66E3-457D-8691-ABA12860F0D1}D:\programy\utorrent\utorrent.exe] => D:\programy\utorrent\utorrent.exe
FirewallRules: [TCP Query User{224897DE-C08F-4506-8A7F-35E4935F45FC}D:\hry\pro evolution soccer 2016\pes2016.exe] => D:\hry\pro evolution soccer 2016\pes2016.exe
FirewallRules: [UDP Query User{F9C258F2-BD90-46D9-A6CF-5C582D3B7DB6}D:\hry\pro evolution soccer 2016\pes2016.exe] => D:\hry\pro evolution soccer 2016\pes2016.exe
FirewallRules: [TCP Query User{DF3FA3D1-DF4F-43B5-9ED8-F3AF8A49A468}D:\hry\outlast\binaries\win64\olgame.exe] => D:\hry\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{F81BF86F-03BD-42FF-B406-7355BED36DBC}D:\hry\outlast\binaries\win64\olgame.exe] => D:\hry\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{6685DF93-33B0-4109-97D6-61DFC9293786}D:\hry\max payne 3\maxpayne3.exe] => D:\hry\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{C89A868C-4D69-4CEC-9158-B706A0131C75}D:\hry\max payne 3\maxpayne3.exe] => D:\hry\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{B9CFD34B-A1BC-4322-A3CC-8006693A6A78}D:\hry\max payne 3\maxpayne3.exe] => D:\hry\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{5227E2C4-8FE4-4E69-A98D-1A350D531723}D:\hry\max payne 3\maxpayne3.exe] => D:\hry\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{477C931A-E65F-4485-AB70-5289CD0695C5}D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe] => D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{73E9A02C-4DDD-4ED6-8699-CC4AD1D57B6C}D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe] => D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{438FA23E-77BD-4E98-A853-3F8ECB08620B}D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe] => D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{8EA95353-DA7A-4DF9-B895-0B299E5F1475}D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe] => D:\hry\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{81C2B45C-F918-4886-99EE-C11BE07A9786}D:\hry\far cry 3\bin\farcry3_d3d11.exe] => D:\hry\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{6A937A63-3344-42D9-9518-33F37B6EB43F}D:\hry\far cry 3\bin\farcry3_d3d11.exe] => D:\hry\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [TCP Query User{CDA2F99E-39E3-4A99-BA6E-B41FF0C0BA15}D:\hry\firewatch\firewatch.exe] => D:\hry\firewatch\firewatch.exe
FirewallRules: [UDP Query User{DA90EDA0-E079-4585-B46E-A070687F1847}D:\hry\firewatch\firewatch.exe] => D:\hry\firewatch\firewatch.exe
FirewallRules: [{9A6212AC-19BD-438B-B8EF-D1C6358ED280}] => D:\Hry\Life Is Strange\steam_api64.exe
FirewallRules: [{8A5BBEFE-5407-4EA7-BA78-AAC5972FA240}] => D:\Hry\Life Is Strange\steam_api64.exe
FirewallRules: [TCP Query User{5673DD62-7307-435B-8373-FFD6174A010C}D:\hry\counter-strike 1.6\hl.exe] => D:\hry\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{7FE1A3D1-6557-452B-944A-749159DADB44}D:\hry\counter-strike 1.6\hl.exe] => D:\hry\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{623D0A9D-452A-44D4-BF9A-E706227C170D}C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe] => C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe
FirewallRules: [UDP Query User{260AE533-FFD0-4FD3-8431-83973D743FF6}C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe] => C:\games\scrap mechanic v0.1.13\release\scrapmechanic.exe
FirewallRules: [TCP Query User{75A3A3D3-2584-48E4-884B-83177C71ACA7}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{C5A7AA0E-4366-4345-BD8A-C2880968354C}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{EFDA52A0-6C4E-4B6A-84F9-16EAF2BE0E14}] => C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{DA5E1E38-71B7-4E82-85F2-E20C6A273DEC}] => C:\Program Files (x86)\EA GAMES\Battlefield 2\BF2.exe
FirewallRules: [{D32C17F9-2344-4B4B-BA0A-D80F5789A503}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{3F46198F-5C48-4D48-AD92-800E24B4425A}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{27940AAA-CA81-42C3-B9D9-94F2969F1E2F}] => C:\Windows\System32\rundll32.exe
FirewallRules: [TCP Query User{2C892DCF-3646-4AEF-AC6F-B74FDAC168A3}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
FirewallRules: [UDP Query User{14B0C0A8-2E84-4DF1-8809-D594FE7F1988}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
FirewallRules: [TCP Query User{C054026F-3114-4910-9AC1-AA7183F7172C}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe
FirewallRules: [UDP Query User{B314506B-313F-4EFB-AF31-4063381A114C}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe
FirewallRules: [{2559D698-8D40-43F8-A744-E95A92884259}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AC28EC2A-58DF-4073-BD1B-2451030D4F2B}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{36BFD36E-FF35-4057-BCE7-86F8E6856232}] => C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

27-12-2016 13:10:46 Naplánovaný kontrolní bod
05-01-2017 20:49:42 Naplánovaný kontrolní bod
10-01-2017 13:04:57 ASU_MSI_TRAN

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2017 06:03:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2048
Čas spuštění chybující aplikace: 0x01d26dbedc8f346b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 7e7bc805-03f2-4ba9-910e-c4807de0da0a
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2930
Čas spuštění chybující aplikace: 0x01d26dbee763ed7e
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: c858a149-1241-425e-92c5-955e16a135eb
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x97c
Čas spuštění chybující aplikace: 0x01d26dbee241be7b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: a52a96de-27cb-44d9-a8c6-02267ba9050b
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2048
Čas spuštění chybující aplikace: 0x01d26dbedc8f346b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2ed091e8-825a-47d1-a096-44534d6584a8
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2084
Čas spuštění chybující aplikace: 0x01d26dbee5897ec2
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 1869945d-deac-4b82-9c6b-91dab4822fd8
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x97c
Čas spuštění chybující aplikace: 0x01d26dbee241be7b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 57ee62ef-c7e0-43c5-835e-2d18552ce64b
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2084
Čas spuštění chybující aplikace: 0x01d26dbee5897ec2
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 8ee74bb6-9bb8-4a5f-b771-ed66ade06c2a
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2084
Čas spuštění chybující aplikace: 0x01d26dbee5897ec2
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: b3d81635-1279-4089-9a1f-9d9dc88fe39f
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2048
Čas spuštění chybující aplikace: 0x01d26dbedc8f346b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: d61a1a1e-2be4-4ffd-9eda-7645737f4219
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge

Error: (01/13/2017 06:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.14393.82, časové razítko: 0x57a55786
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000604
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x2048
Čas spuštění chybující aplikace: 0x01d26dbedc8f346b
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 99385b93-e97b-4551-933c-03921419db0b
Úplný název chybujícího balíčku: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: MicrosoftEdge


System errors:
=============
Error: (01/13/2017 12:24:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/12/2017 08:51:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (01/12/2017 08:47:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/12/2017 08:47:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/12/2017 08:47:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_4efeb byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (01/12/2017 08:46:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba recekeru neuspěla při spuštění v důsledku následující chyby:
Aplikaci recekeru nelze spustit v režimu Win32.

Error: (01/12/2017 08:46:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba InstallerService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/12/2017 08:45:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (01/12/2017 08:38:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba ESET Service je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/12/2017 06:19:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2017-01-12 20:42:39.496
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mfeelamk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-12 20:42:37.271
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-04 13:40:20.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-25 18:07:17.554
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-15 17:26:01.190
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-12 10:37:18.682
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-10 12:44:09.259
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-08 00:39:57.374
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-06 12:44:50.317
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-04 15:57:36.859
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 46%
Total physical RAM: 8094.8 MB
Available physical RAM: 4298.07 MB
Total Virtual: 9374.8 MB
Available Virtual: 4982.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:322.59 GB) NTFS
Drive d: (Data) (Fixed) (Total:542.8 GB) (Free:382.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 357AB48A)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware and partially non-working Chrome

#4 Post by Rudy »

This is only Addition. I still need to see FRST as well.

zajic22
Visitor
Posts: 9
Joined: 12 Jan 2017 23:05

Re: Malware and partially non-working Chrome

#5 Post by zajic22 »

I apologize. As I said, this is not exactly my strong suit.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Jiří Zajíček (administrator) on ZAJÍCEK (13-01-2017 18:07:28)
Running from C:\Users\Jiři Zajíček\Desktop
Loaded Profiles: Jiří Zajíček (Available Profiles: Jiří Zajíček)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
() C:\Program Files (x86)\ContentPush\app\bin\nw.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
(Disc Soft Ltd) D:\Programy\DAEMON Tools Lite\DiscSoftBusService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microleaves LTD) C:\Program Files (x86)\Online Application\Online-Guardian.exe
(Microleaves LTD) C:\Program Files (x86)\Online Application\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Online Application\Online-Guardian-v2.exe
(Microleaves LTD) C:\Program Files (x86)\Online Application\Online-Guardian-v2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(forum.viry.cz) C:\Users\Jiři Zajíček\Desktop\FRSTLauncher.exe
(Microleaves LTD) C:\Program Files (x86)\Online Application\Online-Guardian.exe
(Microsoft Corporation) C:\Windows\System32\AppHostRegistrationVerifier.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Programy\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-04] (Disc Soft Ltd)
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\Run: [GoogleChromeAutoLaunch_C1B61A44099873C2F857C0CB81E73618] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [] => 0
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-01-10] ()
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1a137db7-4d56-48e0-b882-a1e4247e5cba}: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{d93697b9-201e-44c4-ba06-c1cc888d12dd}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131183998834004897&GUID=83A31D52-740C-427E-B1F8-0C5C8D23D604
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=146528228 ... A4K194A4KX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ic.loadblanks.ru/c/02037a282dd7fbaf?
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=146528228 ... A4K194A4KX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-11-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-12-10] (Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-12-10] (Intel Security)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-11-23] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-11-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Programy\VLC Media Player\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Programy\VLC Media Player\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.cz/"
CHR Profile: C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default [2017-01-13]
CHR Extension: (Disk Google) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-14]
CHR Extension: (YouTube) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-11]
CHR Extension: (AdBlock) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-03]
CHR Extension: (Top Eleven) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn [2016-09-14]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-09-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-14]
CHR Extension: (Gmail) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-14]
CHR Extension: (Chrome Media Router) - C:\Users\Jiři Zajíček\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-11-01] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; D:\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-01-10] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
S2 recekeru; C:\Program Files (x86)\2d58a66e-95a0-4cf1-8ce3-49cd5f4506e21484048105\knsA466.tmp [422400 2017-01-12] () [File not signed]
R2 SaFiSvc; C:\Users\Jiři Zajíček\AppData\Local\SaFiSvc\SaFiSvc.dll [324336 2017-01-03] ()
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2016-11-30] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-11-30] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-11-30] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98296 2015-12-14] (ASUS Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [38208 2014-09-18] (Intel Corporation)
R3 dtldrvhelp; c:\users\jiři zajíček\appdata\local\safisvc\dtldrvhelp64.sys [58960 2016-12-29] ()
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-04-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-04-23] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2016-12-13] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2016-12-13] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-12-13] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2016-12-13] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2016-12-13] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2016-12-13] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2016-12-13] (ESET)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-01-10] (REALiX(tm))
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79016 2014-08-26] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2017-01-10] (WinMount International Inc)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2015-01-06] (Intel Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 18:07 - 2017-01-13 18:08 - 00022179 _____ C:\Users\Jiři Zajíček\Desktop\FRST.txt
2017-01-13 18:06 - 2017-01-13 18:07 - 00000000 ____D C:\FRST
2017-01-13 18:03 - 2017-01-13 18:03 - 00112640 _____ (forum.viry.cz) C:\Users\Jiři Zajíček\Desktop\FRSTLauncher.exe
2017-01-13 18:01 - 2017-01-13 18:00 - 02419200 _____ (Farbar) C:\Users\Jiři Zajíček\Desktop\FRST64.exe
2017-01-12 22:41 - 2017-01-12 22:41 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-01-12 22:41 - 2017-01-12 22:41 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-12 22:41 - 2017-01-12 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-12 22:41 - 2017-01-12 22:41 - 00000000 ____D C:\Program Files\CCleaner
2017-01-12 20:41 - 2017-01-12 20:41 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\ESET
2017-01-12 20:38 - 2017-01-12 20:38 - 00002102 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictvĂ­ a online plateb.lnk
2017-01-12 20:38 - 2017-01-12 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-01-12 20:38 - 2017-01-12 20:38 - 00000000 ____D C:\ProgramData\ESET
2017-01-12 20:38 - 2017-01-12 20:38 - 00000000 ____D C:\Program Files\ESET
2017-01-11 18:39 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 18:39 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 18:39 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 18:39 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 18:39 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 18:39 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 18:39 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 18:39 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 18:39 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 18:39 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 18:39 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 18:39 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 18:39 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 18:39 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 18:39 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 18:39 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 18:39 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 18:39 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 18:39 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 18:39 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 18:39 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 18:39 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 18:39 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 18:39 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 18:39 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 18:39 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 18:39 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 18:39 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 18:39 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 18:39 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 18:39 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 18:39 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 18:39 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 18:39 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 18:39 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 18:39 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 18:39 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 18:39 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 18:39 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 18:39 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 18:39 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 18:39 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 18:39 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 18:39 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 18:39 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 18:39 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 18:39 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 18:39 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 18:39 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 18:39 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 18:39 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 18:39 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 18:39 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 18:39 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 18:39 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 18:39 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 18:39 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 18:39 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 18:39 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 18:39 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 18:38 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 18:38 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 18:38 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 18:38 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 18:38 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 18:38 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 18:38 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 18:38 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 18:38 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 18:38 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 18:38 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 18:38 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 18:38 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 18:38 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 18:38 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 18:38 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 18:38 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 18:38 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 18:38 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 18:38 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 18:38 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 18:38 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 18:38 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 18:38 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 18:38 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 18:38 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 18:38 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 18:38 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 18:38 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 18:38 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 18:38 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 18:38 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 18:38 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 18:38 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 18:38 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 18:38 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 18:38 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 18:38 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 18:38 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 18:38 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 18:38 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 18:38 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 18:38 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 18:38 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 18:38 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 18:38 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 18:38 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 18:38 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 18:38 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 18:38 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 18:38 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 18:38 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 18:38 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 18:38 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 18:38 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 18:38 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 18:38 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 18:38 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 18:38 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 18:38 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 18:38 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 18:38 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 18:38 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 18:38 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 18:37 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 18:37 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 18:37 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 18:37 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 18:37 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 18:37 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 18:37 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 18:37 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 18:37 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 18:37 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 18:37 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 18:37 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 18:37 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 18:37 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 18:37 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 18:37 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 18:37 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 18:37 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 18:37 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 18:37 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 18:37 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 18:37 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 18:37 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 18:37 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 18:37 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 18:37 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 18:37 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 18:37 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 18:37 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 18:37 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 18:37 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 18:37 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 18:37 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 18:37 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 18:37 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 18:37 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 18:37 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 18:37 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 18:37 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 18:37 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 18:37 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 18:37 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 12:30 - 2017-01-11 12:30 - 00000000 ____D C:\Program Files (x86)\Online Application
2017-01-11 12:26 - 2017-01-11 12:26 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-11 12:26 - 2017-01-11 12:26 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-11 12:21 - 2017-01-11 12:22 - 00000140 _____ C:\WINDOWS\Reimage.ini
2017-01-11 12:09 - 2017-01-11 12:09 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\SaFiSvc
2017-01-11 12:08 - 2017-01-11 12:08 - 00000954 _____ C:\Users\Jiři Zajíček\AppData\Roaming\coreavc.ini
2017-01-11 12:08 - 2017-01-11 12:08 - 00000000 ___HD C:\Users\Public\Device
2017-01-10 13:04 - 2017-01-10 13:04 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-01-10 12:50 - 2017-01-12 20:47 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-10 12:42 - 2017-01-10 12:42 - 00002368 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-10 12:42 - 2017-01-10 12:42 - 00002368 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-10 12:42 - 2017-01-10 12:42 - 00002338 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2017-01-10 12:42 - 2017-01-10 12:42 - 00002338 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2017-01-10 12:37 - 2017-01-11 12:07 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\UCBrowser
2017-01-10 12:37 - 2017-01-10 12:37 - 00000000 ____D C:\Users\Default\AppData\Local\MicrosoftEdge
2017-01-10 12:37 - 2017-01-10 12:37 - 00000000 ____D C:\Users\Default User\AppData\Local\MicrosoftEdge
2017-01-10 12:37 - 2017-01-10 12:37 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2017-01-10 12:37 - 2017-01-10 12:37 - 00000000 ____D C:\%LOCALAPPDATA%
2017-01-10 12:36 - 2017-01-12 20:47 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\app
2017-01-10 12:36 - 2017-01-11 12:32 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\Seznam.cz
2017-01-10 12:35 - 2017-01-12 19:32 - 00000000 ____D C:\Program Files (x86)\2d58a66e-95a0-4cf1-8ce3-49cd5f4506e21484048105
2017-01-10 12:35 - 2017-01-10 13:18 - 00000000 ____D C:\Program Files (x86)\baidu
2017-01-10 12:34 - 2017-01-12 21:10 - 00000000 ____D C:\Program Files (x86)\ContentPush
2017-01-10 12:33 - 2017-01-10 12:34 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\LocalLow\IObit
2017-01-10 12:33 - 2017-01-10 12:34 - 00000000 ____D C:\ProgramData\ProductData
2017-01-10 12:33 - 2017-01-10 12:33 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-10 12:33 - 2017-01-10 12:33 - 00003050 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Jiří Zajíček)
2017-01-10 12:33 - 2017-01-10 12:33 - 00000000 ____D C:\WINDOWS\IObit
2017-01-10 12:33 - 2017-01-10 12:33 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\IObit
2017-01-10 12:33 - 2017-01-10 12:33 - 00000000 ____D C:\ProgramData\IObit
2017-01-10 12:32 - 2017-01-12 20:58 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\Browsers
2017-01-10 12:32 - 2017-01-12 20:45 - 00000000 ___HD C:\ProgramData\836898v6a201h23
2017-01-10 12:32 - 2017-01-10 12:32 - 00016818 _____ C:\WINDOWS\System32\Tasks\836898v6a201h23
2017-01-10 12:32 - 2017-01-10 12:32 - 00001353 ___RS C:\Users\Public\Desktop\DАEМОN Тools Lite.lnk
2017-01-10 12:32 - 2017-01-10 12:32 - 00001279 ___RS C:\Users\Jiři Zajíček\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrome.lnk
2017-01-10 12:32 - 2017-01-10 12:32 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\SPI
2017-01-10 12:31 - 2017-01-11 12:09 - 00000000 ____D C:\Program Files\SaFiPlayer
2017-01-10 12:30 - 2017-01-12 22:18 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\KuaiZip
2017-01-10 12:30 - 2017-01-11 12:33 - 00000000 ____D C:\ProgramData\Microleaves
2017-01-10 12:30 - 2017-01-11 11:57 - 00000000 ____D C:\Program Files\żěŃą
2017-01-10 12:30 - 2017-01-10 12:30 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2017-01-10 12:30 - 2017-01-10 12:30 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\Softlink
2017-01-10 12:29 - 2017-01-10 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-10 12:28 - 2017-01-10 13:21 - 00000000 ____D C:\ProgramData\Logic Handler
2017-01-10 12:28 - 2017-01-10 13:21 - 00000000 ____D C:\ProgramData\Hotfresh
2017-01-10 12:28 - 2017-01-10 12:28 - 07316480 _____ C:\Users\Jiři Zajíček\AppData\Roaming\agent.dat
2017-01-10 12:28 - 2017-01-10 12:28 - 01908319 _____ C:\Users\Jiři Zajíček\AppData\Roaming\Cofzap.tst
2017-01-10 12:28 - 2017-01-10 12:28 - 00126464 _____ C:\Users\Jiři Zajíček\AppData\Roaming\noah.dat
2017-01-10 12:28 - 2017-01-10 12:28 - 00070704 _____ C:\Users\Jiři Zajíček\AppData\Roaming\Config.xml
2017-01-10 12:28 - 2017-01-10 12:28 - 00018432 _____ C:\Users\Jiři Zajíček\AppData\Roaming\Main.dat
2017-01-10 12:28 - 2017-01-10 12:28 - 00002398 _____ C:\WINDOWS\SysWOW64\findit.xml
2017-01-10 12:28 - 2017-01-10 12:28 - 00000000 ____D C:\ProgramData\Hotfreshs
2017-01-10 12:28 - 2017-01-10 12:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-01-10 12:27 - 2017-01-12 06:42 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\l40kw
2017-01-10 12:27 - 2017-01-12 04:06 - 00000390 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-01-10 12:27 - 2017-01-12 04:06 - 00000340 ____H C:\WINDOWS\Tasks\Traffic Exchange v2.job
2017-01-10 12:27 - 2017-01-12 04:06 - 00000340 ____H C:\WINDOWS\Tasks\Traffic Exchange v2 Guardian.job
2017-01-10 12:27 - 2017-01-12 04:06 - 00000340 ____H C:\WINDOWS\Tasks\Traffic Exchange v2 Guard.job
2017-01-10 12:27 - 2017-01-11 12:30 - 00003754 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-01-10 12:27 - 2017-01-11 12:30 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-01-10 12:27 - 2017-01-11 12:30 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-01-10 12:27 - 2017-01-11 12:30 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-01-10 12:27 - 2017-01-11 12:30 - 00003698 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-01-10 12:27 - 2017-01-11 12:30 - 00003692 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian
2017-01-10 12:27 - 2017-01-11 12:30 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-01-10 12:27 - 2017-01-11 12:30 - 00003686 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-01-10 12:27 - 2017-01-11 12:30 - 00003686 _____ C:\WINDOWS\System32\Tasks\Online Application Guard
2017-01-10 12:27 - 2017-01-11 12:30 - 00003674 _____ C:\WINDOWS\System32\Tasks\Online Application
2017-01-10 12:27 - 2017-01-11 12:30 - 00003278 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-01-10 12:27 - 2017-01-11 12:30 - 00003236 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 Guardian
2017-01-10 12:27 - 2017-01-11 12:30 - 00003230 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 Guard
2017-01-10 12:27 - 2017-01-11 12:30 - 00003218 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2
2017-01-10 12:27 - 2017-01-11 12:30 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-10 12:27 - 2017-01-11 12:30 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-10 12:27 - 2017-01-10 13:21 - 00000000 ____D C:\ProgramData\CloudPrinter
2017-01-10 12:27 - 2017-01-10 12:28 - 00005568 _____ C:\Users\Jiři Zajíček\AppData\Roaming\md.xml
2017-01-10 12:27 - 2017-01-10 12:28 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\Microleaves
2017-01-10 12:27 - 2017-01-10 12:27 - 02473006 _____ C:\WINDOWS\chromebrowser.exe
2017-01-10 12:27 - 2017-01-10 12:27 - 00140288 _____ C:\Users\Jiři Zajíček\AppData\Roaming\Installer.dat
2017-01-10 12:27 - 2017-01-10 12:27 - 00126464 _____ C:\Users\Jiři Zajíček\AppData\Roaming\lobby.dat
2017-01-10 12:27 - 2017-01-10 12:27 - 00072787 _____ C:\Users\Jiři Zajíček\AppData\Roaming\KinRonphase.tst
2017-01-10 12:27 - 2017-01-10 12:27 - 00054272 _____ C:\Users\Jiři Zajíček\AppData\Roaming\ApplicationHosting.dat
2017-01-10 12:27 - 2017-01-10 12:27 - 00016560 _____ C:\Users\Jiři Zajíček\AppData\Roaming\InstallationConfiguration.xml
2017-01-10 12:27 - 2017-01-10 12:27 - 00000001 _____ C:\Users\Jiři Zajíček\AppData\Roaming\xqNCoT
2017-01-10 12:27 - 2017-01-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-01-07 22:15 - 2017-01-07 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Walking Dead A New Frontier Episode 1
2017-01-04 10:18 - 2017-01-04 10:18 - 00000000 ____D C:\Users\Jiři Zajíček\Desktop\Práce
2017-01-02 13:45 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-01-02 13:45 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-12-25 17:28 - 2016-12-25 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-13 18:04 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 18:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-13 18:01 - 2015-10-16 20:47 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\vlc
2017-01-13 17:53 - 2016-09-27 02:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-12 22:44 - 2016-09-27 03:29 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-12 22:44 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 22:44 - 2016-04-23 20:16 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\DAEMON Tools Lite
2017-01-12 22:18 - 2016-06-24 11:50 - 00000000 ____D C:\WINDOWS\SysWOW64\_TSpm
2017-01-12 20:59 - 2015-11-06 18:52 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\Steam
2017-01-12 20:52 - 2016-09-27 02:54 - 00003550 _____ C:\WINDOWS\System32\Tasks\SteamClient
2017-01-12 20:46 - 2016-09-27 02:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-12 20:46 - 2015-10-16 07:52 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-12 20:45 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-12 20:39 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-12 05:32 - 2016-02-13 14:12 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 04:06 - 2016-09-27 02:30 - 00231816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 04:06 - 2016-09-16 10:56 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-12 04:06 - 2016-09-16 10:46 - 00000000 ____D C:\Program Files\TrueKey
2017-01-12 04:05 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 04:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 04:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 04:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 04:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 04:02 - 2016-09-27 02:37 - 00000000 ____D C:\Users\Jiři Zajíček
2017-01-12 00:59 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-12 00:54 - 2015-10-18 03:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 00:52 - 2015-10-18 03:08 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 23:52 - 2016-09-16 10:57 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-01-11 23:48 - 2016-09-16 10:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-11 23:47 - 2016-09-27 02:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 14:08 - 2015-11-06 18:52 - 00000000 ____D C:\Users\Jiři Zajíček\Documents\Telltale Games
2017-01-11 14:08 - 2015-10-21 14:03 - 00000000 ____D C:\Users\Jiři Zajíček\Desktop\Hry
2017-01-11 12:26 - 2016-09-14 23:41 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-10 19:18 - 2015-10-15 13:15 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\Packages
2017-01-10 16:38 - 2015-10-15 13:15 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\VirtualStore
2017-01-10 13:35 - 2015-10-15 13:15 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Roaming\Adobe
2017-01-10 13:06 - 2016-09-14 23:04 - 00000000 ____D C:\ProgramData\Skype
2017-01-10 13:05 - 2016-05-13 22:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-10 12:58 - 2016-09-12 12:59 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\MicrosoftEdge
2017-01-10 12:37 - 2016-11-30 00:47 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-01-10 12:37 - 2016-11-30 00:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-01-10 12:32 - 2016-11-26 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-01-04 10:22 - 2016-09-26 16:54 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-12-25 18:08 - 2016-11-23 20:52 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\ElevatedDiagnostics
2016-12-25 17:28 - 2016-10-08 17:25 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-25 17:28 - 2016-10-08 17:25 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-25 17:28 - 2016-07-16 12:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-23 00:13 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 00:13 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-20 15:52 - 2016-11-23 21:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-20 15:52 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-20 02:09 - 2016-11-14 21:41 - 00000000 ____D C:\Users\Jiři Zajíček\AppData\Local\Diagnostics
2016-12-17 00:46 - 2016-09-27 02:54 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 00:46 - 2016-09-27 02:54 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 19:37 - 2016-09-27 02:36 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{4a3fb119-4ba3-11e6-80cd-b8ca3aed6f7f}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 19:36 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-15 17:06 - 2016-11-30 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2017-01-10 12:28 - 2017-01-10 12:28 - 7316480 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\agent.dat
2017-01-10 12:35 - 2017-01-10 12:35 - 0023622 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\aliexpress.ico
2017-01-10 12:27 - 2017-01-10 12:27 - 0054272 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\ApplicationHosting.dat
2017-01-10 12:35 - 2017-01-10 12:35 - 0099678 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\booking.ico
2017-01-10 12:28 - 2017-01-10 12:28 - 1908319 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\Cofzap.tst
2017-01-10 12:28 - 2017-01-10 12:28 - 0070704 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\Config.xml
2017-01-11 12:08 - 2017-01-11 12:08 - 0000954 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\coreavc.ini
2017-01-10 12:27 - 2017-01-10 12:27 - 0016560 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\InstallationConfiguration.xml
2017-01-10 12:27 - 2017-01-10 12:27 - 0140288 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\Installer.dat
2017-01-10 12:27 - 2017-01-10 12:27 - 0072787 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\KinRonphase.tst
2017-01-10 12:27 - 2017-01-10 12:27 - 0126464 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\lobby.dat
2017-01-10 12:28 - 2017-01-10 12:28 - 0018432 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\Main.dat
2017-01-10 12:27 - 2017-01-10 12:28 - 0005568 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\md.xml
2017-01-10 12:28 - 2017-01-10 12:28 - 0126464 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\noah.dat
2015-10-15 13:16 - 2016-09-14 20:00 - 0000165 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\sp_data.sys
2017-01-10 12:28 - 2017-01-10 12:28 - 0032038 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\uninstall_temp.ico
2017-01-10 12:27 - 2017-01-10 12:27 - 0000001 _____ () C:\Users\Jiři Zajíček\AppData\Roaming\xqNCoT
2016-09-27 02:32 - 2016-09-27 02:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 Guard.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 Guardian.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.386.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.386.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jiři Zajíček\Desktop" je 709 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware and partially non-functional Chrome

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
C:\Program Files (x86)\UCBrowser
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction <======= ATTENTION
C:\Program Files\McAfee Security Scan
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... 194A4KX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=14 ... A4K194A4KX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... 194A4KX&q={searchTerms}
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ic.loadblanks.ru/c/02037a282dd7fbaf?
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=14 ... A4K194A4KX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
U0 aswVmm; no ImagePath
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Program Files (x86)\baidu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

zajic22
Visitor
Posts: 9
Registered: 12 Jan 2017 23:05

Re: Malware and partially non-functional Chrome

#7 Post by zajic22 »

The computer restarted, but all the ads and Chrome are still the same.

Log here:
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Jiří Zajíček (14-01-2017 09:24:18) Run:1
Running from C:\Users\Jiři Zajíček\Desktop
Loaded Profiles: Jiří Zajíček (Available Profiles: Jiří Zajíček)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
C:\Program Files (x86)\UCBrowser
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction <======= ATTENTION
C:\Program Files\McAfee Security Scan
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=d ... 194A4KX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=14 ... A4K194A4KX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=d ... 194A4KX&q={searchTerms}
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ic.loadblanks.ru/c/02037a282dd7fbaf?
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=14 ... A4K194A4KX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2412516691-3949005397-3537030179-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... UN09kKj&q={searchTerms}
U0 aswVmm; no ImagePath
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Program Files (x86)\baidu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
*****************

HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svchost0 => value removed successfully
"C:\Program Files (x86)\UCBrowser" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully

"C:\Program Files\McAfee Security Scan" folder move:

Could not move "C:\Program Files\McAfee Security Scan" => Scheduled to move on reboot.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-2412516691-3949005397-3537030179-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Program Files (x86)\baidu => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33821474 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 30864670 B
Edge => 1529985 B
Chrome => 178598992 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 8729 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Jiři Zajíček => 10871364 B

RecycleBin => 0 B
EmptyTemp: => 243.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-01-2017 09:26:18)

C:\Program Files\McAfee Security Scan => moved successfully

==== End of Fixlog 09:26:22 ====

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware and partially non-functional Chrome

#8 Post by Rudy »

Deleted. Has anything changed?

zajic22
Visitor
Posts: 9
Joined: 12 Jan 2017 23:05

Re: Malware and partially non-functional Chrome

#9 Post by zajic22 »

No change at all. The ads keep popping up, and Chrome is still partially non-functional.

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware and partially non-functional Chrome

#10 Post by Rudy »

Let's try these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup is created, followed by the scan
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

zajic22
Visitor
Posts: 9
Joined: 12 Jan 2017 23:05

Re: Malware and partially non-functional Chrome

#11 Post by zajic22 »

Zoek results here:
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Jiýˇ Zajˇźek on so 14. 01. 2017 at 11:42:07,26.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JIIZAJ~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14. 1. 2017 11:44:21 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\McAfee deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\ActiveSync deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\calibre-cache deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\NetworkTiles deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ce45a33-7a0a-45f7-ac0c-107cd9dc191a} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2ce45a33-7a0a-45f7-ac0c-107cd9dc191a} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\recekeru deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\McAfee not found
C:\PROGRA~2\R.G. Mechanics not found
C:\PROGRA~3\Hotfreshs deleted
C:\PROGRA~3\Hotfresh deleted
C:\windows\SysNative\Tasks\836898v6a201h23 deleted
C:\windows\SysNative\Tasks\ChelfNotify Task deleted
C:\PROGRA~2\Online Application deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Public\Documents\dmp deleted
C:\WINDOWS\Reimage.ini deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\WINDOWS\Syswow64\tem213C.tmp deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Chrome Media Router - JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Drive App Launcher - JIIZAJ~1\AppData\Local\UCBrowser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
UC Nexus - JIIZAJ~1\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi
Chrome Adr - JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil
DozenSearch - JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Extensions\odhjlphbhamhgplegmaamhehbhdpealn

==== Chromium Fix ======================

C:\Users\JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Local Storage\http_mystart4.dealwifi.com_0.localstorage deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Local Storage\http_mystart4.dealwifi.com_0.localstorage-journal deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Local Storage\http_www.dozensearch.com_0.localstorage deleted successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Local Storage\http_www.dozensearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}"
"SearchAssistant"="https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WswnVChzaJ30m7u5GRdW6uWn19kIaLgN44XaQh7tudE2WYsaEru7R2fIbV1Ud7ZTJhlCoBpj-3NrjcaNcQVAwV4d8X22sVuQIAqR5nY2olpJWa_oSxaQ7Qh4O3o1Gzt9kubRfHaGwBrIc2FgkKl3b2NGUN09kKj&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\JIIZAJ~1\AppData\Local\Cupblue\User Data\Default\Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\Cupblue\User Data\Default\Secure Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\UCBrowser\User Data\Default\Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\UCBrowser\User Data\Default\Secure Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Secure Preferences was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\UCBrowser\User Data\Default\Web Data.65 was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\UCBrowser\User Data\Default\Web Data.65-journal was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Web Data was reset successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\JIIZAJ~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\JIIZAJ~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\JIIZAJ~1\AppData\Local\Cupblue\User Data\Default\Cache emptied successfully
C:\Users\JIIZAJ~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\JIIZAJ~1\AppData\Local\UCBrowser\User Data\Default\Cache emptied successfully
C:\Users\JIIZAJ~1\AppData\Local\vreXjvX\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=47 folders=9 12275737 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\JIIZAJ~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 14. 01. 2017 at 12:03:42,41 ======================

zajic22
Visitor
Posts: 9
Joined: 12 Jan 2017 23:05

Re: Malware and partially non-functional Chrome

#12 Post by zajic22 »

I'll send the Junkware log right away.

zajic22
Visitor
Posts: 9
Joined: 12 Jan 2017 23:05

Re: Malware and partially non-functional Chrome

#13 Post by zajic22 »

Junkware here:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Jiýˇ Zajˇźek (Administrator) on so 14. 01. 2017 at 12:11:18,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 30

Failed to delete: C:\WINDOWS\Tasks\Traffic Exchange Updater.job (Task)
Failed to delete: C:\WINDOWS\Tasks\Traffic Exchange v2 Guard.job (Task)
Failed to delete: C:\WINDOWS\Tasks\Traffic Exchange v2 Guardian.job (Task)
Failed to delete: C:\WINDOWS\Tasks\Traffic Exchange v2.job (Task)
Successfully deleted: C:\ProgramData\cloudprinter (Folder)
Successfully deleted: C:\ProgramData\microleaves (Folder)
Successfully deleted: C:\Users\Jiýi Zajˇźek\AppData\Local\cupblue (Folder)
Successfully deleted: C:\Users\Jiýi Zajˇźek\AppData\Local\vrexjvx (Folder)
Successfully deleted: C:\Users\Jiýi Zajˇźek\AppData\Roaming\browsers (Folder)
Successfully deleted: C:\Users\Jiýi Zajˇźek\AppData\Roaming\microleaves (Folder)
Successfully deleted: C:\Users\Jiýi Zajˇźek\AppData\Roaming\spi (Folder)
Successfully deleted: C:\WINDOWS\chromebrowser.exe (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Jiýˇ Zajˇźek) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application Guard (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application Guardian (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application Updater (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v2 Guard (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v2 Guardian (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application v2 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Online Application (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange Guard (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange Guardian (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange Updater (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v2 Guard (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v2 Guardian (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange v2 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Traffic Exchange (Task)
Successfully deleted: C:\WINDOWS\SysWOW64\findit.xml (File)
Successfully deleted: C:\Program Files (x86)\contentpush (Folder)
Successfully deleted: C:\Program Files (x86)\microleaves (Folder)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_C1B61A44099873C2F857C0CB81E73618 (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 14. 01. 2017 at 12:13:34,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware and partially non-functional Chrome

#14 Post by Rudy »

Something was deleted. Has anything changed now?

zajic22
Visitor
Posts: 9
Joined: 12 Jan 2017 23:05

Re: Malware and partially non-functional Chrome

#15 Post by zajic22 »

Yeeeeeeees, everything works as it should. Thank you so much!!!!!!!!!!!

Locked