
Virus removal

Having a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Vydra
Visitor
Posts: 14
Registered: 02 Mar 2017 16:04

Virus removal

#1 Post by Vydra »

Hello, I need help removing viruses from my laptop; thank you in advance for your help.

Here are the findings from WiperSoft: https://ctrlv.cz/DTYC

ComboFix:

ComboFix 17-02-24.01 - Lukáš 02.03.2017 15:29:27.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3992.2313 [GMT 1:00]
Spuštěný z: c:\users\LukßÜ\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\pthreadVC.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-02-02 do 2017-03-02 )))))))))))))))))))))))))))))))
.
.
2017-03-02 14:38 . 2017-03-02 14:38 118 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-02 14:36 . 2017-03-02 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-02 14:23 . 2017-03-02 14:23 -------- d-----w- c:\program files\CCleaner
2017-03-02 12:18 . 2017-03-02 12:18 23032 ----a-w- c:\windows\system32\wiperrm.exe
2017-03-02 12:18 . 2017-03-02 12:18 -------- d-----w- c:\users\Lukáš\AppData\Roaming\WiperSoft
2017-03-02 12:18 . 2017-03-02 12:18 -------- d-----w- c:\program files\WiperSoft
2017-03-02 12:07 . 2017-03-02 12:07 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-02-17 07:43 . 2017-02-17 07:43 -------- d-----w- c:\windows\system32\log
2017-02-17 07:39 . 2017-03-02 14:16 -------- d-----w- c:\program files (x86)\reports
2017-02-17 07:38 . 2017-02-17 07:38 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Mozilla
2017-02-17 07:38 . 2017-02-17 07:38 -------- d-----w- c:\users\Lukáš\AppData\Local\Firefox
2017-02-13 15:13 . 2017-02-13 15:13 459264 ----a-w- c:\program files (x86)\Common Files\Services\iThemes.dll
2017-02-09 08:13 . 2017-02-09 08:13 -------- d-----w- c:\users\Lukáš\AppData\Local\CrashRpt
2017-02-09 06:13 . 2017-02-09 06:13 -------- d-----w- C:\$AV_ASW
2017-02-08 10:57 . 2017-03-02 12:06 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-02-08 10:57 . 2017-03-02 12:06 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-02-08 10:57 . 2017-03-02 12:06 309272 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-02-08 10:57 . 2017-03-02 12:06 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-02-06 14:12 . 2017-02-06 14:18 -------- d-----w- c:\windows\system32\appmgmt
2017-02-02 22:59 . 2017-02-02 22:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2017-02-01 17:38 . 2017-02-14 08:05 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Cache
2017-02-01 17:38 . 2017-02-01 17:38 -------- d-----w- c:\users\Lukáš\AppData\Roaming\log
2017-02-01 17:14 . 2017-02-01 17:14 -------- d--h--w- c:\users\UDPdp
2017-02-01 17:13 . 2017-02-01 17:13 -------- d-----w- c:\programdata\Avira
2017-02-01 17:13 . 2017-02-01 17:13 -------- d-----w- c:\programdata\Avg
2017-02-01 17:13 . 2017-02-01 17:13 -------- d-----w- c:\users\LUK~3
2017-02-01 17:13 . 2017-02-01 17:13 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Profiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-02 12:07 . 2015-10-31 17:32 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-03-02 12:07 . 2015-10-31 17:32 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-03-02 12:07 . 2015-10-31 17:32 547904 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-03-02 12:07 . 2015-10-31 17:32 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-03-02 12:07 . 2015-10-31 17:32 337592 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-03-02 12:07 . 2015-10-31 17:32 126600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-03-02 12:07 . 2015-10-31 17:32 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-03-02 12:07 . 2016-06-14 16:36 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-03-02 12:07 . 2015-10-31 17:32 993608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-02-26 14:00 . 2015-11-02 01:37 138020592 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-11 07:58 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-11 07:58 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-11 07:58 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-11 07:58 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-11 07:58 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-11 07:58 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-11 07:58 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-11 07:58 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-11 07:58 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-11 07:58 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-11 07:58 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-11 07:58 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-11 07:58 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-11 07:58 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-11 07:58 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-11 07:58 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-11 07:58 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-11 07:58 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-11 07:58 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-11 07:58 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 18:52 . 2017-01-11 07:58 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 17:43 . 2017-01-11 07:58 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-11 07:58 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-11 07:58 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-11 07:58 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-11 07:58 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-11 07:58 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-11 07:58 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-11 07:58 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-11 07:58 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-11 07:58 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-11 07:58 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-11 07:58 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-11 07:58 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-11 07:58 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-11 07:58 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-11 07:58 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-11 07:58 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-11 07:58 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-11 07:58 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-11 07:58 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-11 07:58 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-11 07:58 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-11 07:58 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2015-02-27 5583120]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-02-08 27427808]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-02 205512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2016-12-17 1160408]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-10-01 56080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
avast! Cleanup.lnk - c:\program files\AVAST Software\Cleanup\CleanupUI.exe /nogui [2017-2-8 1608120]
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2015-12-4 163840]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2015-12-4 675840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
R1 p1486192861am;p1486192861am;c:\users\LUK~1\AppData\Local\Temp\bk7A62.tmp\p1486192861am.sys;c:\users\LUK~1\AppData\Local\Temp\bk7A62.tmp\p1486192861am.sys [x]
R1 p1486192907am;p1486192907am;c:\users\LUK~1\AppData\Local\Temp\bk2B78.tmp\p1486192907am.sys;c:\users\LUK~1\AppData\Local\Temp\bk2B78.tmp\p1486192907am.sys [x]
R1 p1486192993am;p1486192993am;c:\users\LUK~1\AppData\Local\Temp\bk7CF1.tmp\p1486192993am.sys;c:\users\LUK~1\AppData\Local\Temp\bk7CF1.tmp\p1486192993am.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CxAudMsg;CxAudMsg; [x]
R2 ed2kidle;ed2k idle service;c:\program files (x86)\amuleCe\ed2k.exe;c:\program files (x86)\amuleCe\ed2k.exe [x]
R2 FirefoxU;Update Service(FirefoxU);c:\program files (x86)\Firefox\bin\FirefoxUpdate.exe;c:\program files (x86)\Firefox\bin\FirefoxUpdate.exe [x]
R2 GubZL;GubZL;c:\windows\SysWOW64\svchost.exe;c:\windows\SysWOW64\svchost.exe [x]
R2 Kyubey;Kyubey;c:\users\Lukáš\AppData\Roaming\Kyubey\Kyubey.exe;c:\users\Lukáš\AppData\Roaming\Kyubey\Kyubey.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WinSAPSvc;WinSAPSvc;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 WinSnare;WinSnare;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 AVerIT13x;AVerMedia A835B USB DVB-T;c:\windows\system32\Drivers\AVerIT13x_x64.sys;c:\windows\SYSNATIVE\Drivers\AVerIT13x_x64.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Apple_Cfg;Apple Config Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [x]
S2 CleanupSvc;Avast Cleanup;c:\program files\AVAST Software\Cleanup\CleanupSvc.exe;c:\program files\AVAST Software\Cleanup\CleanupSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 iThemes5;iThemes5;rundll32 c:\program files (x86)\Common Files\Services\iThemes.dll,fnde_svr;rundll32 c:\program files (x86)\Common Files\Services\iThemes.dll,fnde_svr [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
Nipuytersary REG_MULTI_SZ Nipuytersary
GubedZLGroupEx REG_MULTI_SZ GubedZL
ArcherGroupEx REG_MULTI_SZ Archer
GubZLGroEx REG_MULTI_SZ GubZL
apple_config REG_MULTI_SZ Apple_Cfg
WinSAPSvc REG_MULTI_SZ WinSAPSvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-02 12:07 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-02 12:07 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtsFT"="RTFTrack.exe" [2014-10-22 4060376]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2014-04-10 1830616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2014-11-20 919768]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2015-11-01 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2015-11-01 6200368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2017-02-01 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... XXW372T312
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
mDefault_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... XXW372T312
mStart Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... XXW372T312
mSearch Page = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
ShellExecuteHooks-{75D826D8-DE46-11E6-A83F-64006A5CFC23} - c:\users\Lukáš\AppData\Roaming\Arekotugoght\Atuzercult.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iThemes5]
"ImagePath"="rundll32 \"c:\program files (x86)\Common Files\Services\iThemes.dll\",fnde_svr"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files\AVAST Software\Cleanup\CleanupUI.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
.
**************************************************************************
.
Celkový čas: 2017-03-02 15:45:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-03-02 14:45
.
Před spuštěním: Volných bajtů: 422 440 325 120
Po spuštění: Volných bajtů: 422 180 892 672
.
- - End Of File - - 04EFB331EF5BA023B5279D2AAE87CFA3
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119671
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus removal

#2 Post by Rudy »

Hello!
Why are you running ComboFix, a utility intended only for professionals? Are you longing for a damaged system?

Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Vydra
Visitor
Posts: 14
Registered: 02 Mar 2017 16:04

Re: Virus removal

#3 Post by Vydra »

I am attaching the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Lukáš (administrator) on LUKÁŠ-PC (03-03-2017 08:44:28)
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš (Available Profiles: Lukáš)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software) C:\Program Files\AVAST Software\Cleanup\CleanupSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(WiperSoft) C:\Program Files\WiperSoft\WiperSoft.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(forum.viry.cz) C:\Users\Lukáš\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [4060376 2014-10-22] (Realtek semiconductor)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2015-11-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2015-11-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2017-02-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Providers\mwyhtxtg: C:\Program Files (x86)\Clerfghtsterfiry Monitor\local64spl.dll
ShellExecuteHooks: No Name - {75D826D8-DE46-11E6-A83F-64006A5CFC23} - C:\Users\Lukáš\AppData\Roaming\Arekotugoght\Atuzercult.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! Cleanup.lnk [2017-02-08]
ShortcutTarget: avast! Cleanup.lnk -> C:\Program Files\AVAST Software\Cleanup\CleanupUI.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2015-12-04]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2015-12-04]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7FD8F8C8-D55C-4944-964A-A88405C35632}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... XXW372T312
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... XXW372T312
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... XXW372T312
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... XXW372T312
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
SearchScopes: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=148 ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-02-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.seznam.cz/
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.seznam.cz/"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> seznam.cz
CHR DefaultSuggestURL: ChromeDefaultData -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-03] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Vyhledávání Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-02]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111104 2017-02-17] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-02] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-10-27] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-02] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 CleanupSvc; C:\Program Files\AVAST Software\Cleanup\CleanupSvc.exe [2331208 2016-07-29] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S2 GubZL; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [459264 2017-02-13] () [File not signed] <==== ATTENTION
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-09-15] ()
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-10-27] (Atheros) [File not signed]
S2 CxAudMsg; no ImagePath
S2 ed2kidle; "C:\Program Files (x86)\amuleCe\ed2k.exe" -downloadwhenidle [X]
S2 FirefoxU; "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" [X]
S2 Kyubey; C:\Users\Lukáš\AppData\Roaming\Kyubey\Kyubey.exe -s [X]
S2 WinSAPSvc; C:\Users\Lukáš\AppData\Roaming\WinSAPSvc\WinSAP.dll [X]
S2 WinSnare; C:\Users\Lukáš\AppData\Roaming\WinSnare\WinSnare.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-03-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-02] (AVAST Software)
S3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-27] (Qualcomm Atheros)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-10-31] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2584280 2014-10-22] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S1 p1486192861am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7A62.tmp\p1486192861am.sys [X] <==== ATTENTION
S1 p1486192907am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk2B78.tmp\p1486192907am.sys [X] <==== ATTENTION
S1 p1486192993am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7CF1.tmp\p1486192993am.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 08:44 - 2017-03-03 08:45 - 00021505 _____ C:\Users\Lukáš\Desktop\FRST.txt
2017-03-03 08:43 - 2017-03-03 08:44 - 00000000 ____D C:\FRST
2017-03-03 08:42 - 2017-03-03 08:42 - 00112640 _____ (forum.viry.cz) C:\Users\Lukáš\Desktop\FRSTLauncher.exe
2017-03-03 08:41 - 2017-03-03 08:41 - 02423808 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2017-03-02 15:45 - 2017-03-02 15:45 - 00023664 _____ C:\Users\Lukáš\Desktop\ComboFix 1.txt
2017-03-02 15:45 - 2017-03-02 15:45 - 00016712 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2017-03-02 15:40 - 2017-03-02 15:40 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-02 15:38 - 2017-03-02 15:38 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-02 15:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-02 15:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-02 15:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-02 15:26 - 2017-03-02 15:45 - 00000000 ____D C:\Qoobox
2017-03-02 15:25 - 2017-03-02 15:42 - 00000000 ____D C:\Windows\erdnt
2017-03-02 15:23 - 2017-03-02 15:23 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-02 15:23 - 2017-03-02 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-02 15:23 - 2017-03-02 15:23 - 00000000 ____D C:\Program Files\CCleaner
2017-03-02 15:19 - 2017-03-02 15:19 - 05660168 ____R (Swearware) C:\Users\Lukáš\Desktop\ComboFix.exe
2017-03-02 15:03 - 2017-03-02 15:03 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-02 13:18 - 2017-03-02 13:18 - 00023032 _____ (Wiper Software) C:\Windows\system32\wiperrm.exe
2017-03-02 13:18 - 2017-03-02 13:18 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\WiperSoft
2017-03-02 13:18 - 2017-03-02 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiperSoft
2017-03-02 13:18 - 2017-03-02 13:18 - 00000000 ____D C:\Program Files\WiperSoft
2017-03-02 13:07 - 2017-03-02 13:07 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-28 15:32 - 2017-02-28 15:32 - 02120704 _____ C:\Users\Lukáš\Desktop\RPD.ppt
2017-02-26 14:02 - 2017-02-26 15:33 - 1632229376 _____ C:\Users\Lukáš\Desktop\Hacker.avi
2017-02-25 19:47 - 2017-02-25 20:35 - 851453952 _____ C:\Users\Lukáš\Desktop\Kód Enigmy.avi
2017-02-25 17:40 - 2017-02-25 18:57 - 1328996352 _____ C:\Users\Lukáš\Desktop\Matky na tahu.avi
2017-02-20 17:44 - 2017-02-20 18:13 - 00000000 ____D C:\Users\Lukáš\Desktop\Rust
2017-02-17 08:43 - 2017-02-17 08:43 - 00000000 ____D C:\Windows\system32\log
2017-02-17 08:39 - 2017-03-03 08:38 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-02-17 08:39 - 2017-03-02 15:16 - 00057444 _____ C:\Program Files (x86)\metadata
2017-02-17 08:39 - 2017-03-02 15:16 - 00000000 ____D C:\Program Files (x86)\reports
2017-02-17 08:38 - 2017-03-02 15:38 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-17 08:38 - 2017-02-17 08:40 - 00000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2017-02-17 08:38 - 2017-02-17 08:38 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Mozilla
2017-02-17 08:38 - 2017-02-17 08:38 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Firefox
2017-02-17 08:37 - 2017-03-02 14:06 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-02-16 20:11 - 2017-02-16 20:11 - 00002948 _____ C:\Windows\System32\Tasks\{A2F8C555-A29C-45A2-9B1E-BC01362439F2}
2017-02-16 20:06 - 2017-02-16 20:06 - 00002948 _____ C:\Windows\System32\Tasks\{4F408ABF-63AF-4706-8A7F-1111ABDAA3C8}
2017-02-16 16:42 - 2017-02-16 16:42 - 00002948 _____ C:\Windows\System32\Tasks\{A90A248C-5D65-4DE9-ACBE-7B580221FC39}
2017-02-16 16:29 - 2017-02-16 16:29 - 00003200 _____ C:\Windows\System32\Tasks\{2C734814-0A86-44E1-BD23-540506060631}
2017-02-09 11:42 - 2017-02-09 11:42 - 00003138 _____ C:\Windows\System32\Tasks\{22B08A4D-BEDB-4000-AA7D-2C6F79399ED4}
2017-02-09 09:13 - 2017-02-09 09:13 - 00000000 ____D C:\Users\Lukáš\AppData\Local\CrashRpt
2017-02-09 07:13 - 2017-02-09 07:13 - 00000000 ____D C:\$AV_ASW
2017-02-08 12:15 - 2017-02-08 12:15 - 00003924 _____ C:\Windows\System32\Tasks\avast! Cleanup Update
2017-02-08 12:00 - 2017-03-02 13:09 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1466054041
2017-02-08 11:57 - 2017-03-02 13:07 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-08 11:57 - 2017-03-02 13:06 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-08 11:57 - 2017-03-02 13:06 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-08 11:57 - 2017-03-02 13:06 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-08 11:57 - 2017-03-02 13:06 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-06 15:12 - 2017-02-06 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-04 11:15 - 2017-02-04 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-04 08:25 - 2017-03-02 12:48 - 00003590 _____ C:\Windows\System32\Tasks\Milimili
2017-02-01 18:38 - 2017-02-14 09:05 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Cache
2017-02-01 18:38 - 2017-02-01 18:38 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\log
2017-02-01 18:14 - 2017-03-02 15:45 - 00000000 ___HD C:\Users\UDPdp
2017-02-01 18:13 - 2017-02-01 18:13 - 00006008 _____ C:\Windows\System32\Tasks\Clerfghtsterfiry Monitor
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\Users\Luk£レ\AppData\Local\Gruvph
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\Users\Luk£レ
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\ProgramData\Avira
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\ProgramData\Avg
2017-02-01 17:42 - 2017-02-01 17:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-02-01 17:42 - 2017-02-01 17:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 08:39 - 2011-04-12 09:34 - 00672084 _____ C:\Windows\system32\perfh005.dat
2017-03-03 08:39 - 2011-04-12 09:34 - 00142648 _____ C:\Windows\system32\perfc005.dat
2017-03-03 08:39 - 2009-07-14 06:13 - 01591974 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-03 08:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-03 04:32 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 04:32 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 22:13 - 2015-11-18 13:16 - 00000000 ____D C:\Users\Lukáš\AppData\Local\ElevatedDiagnostics
2017-03-02 15:39 - 2015-11-04 17:19 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Skype
2017-03-02 15:38 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-03-02 15:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-02 15:21 - 2015-10-31 18:39 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\DAEMON Tools Lite
2017-03-02 15:21 - 2015-10-31 18:16 - 00000000 ____D C:\Windows\Panther
2017-03-02 15:03 - 2015-10-31 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-02 13:55 - 2015-11-01 08:14 - 00000000 __SHD C:\Users\Lukáš\IntelGraphicsProfiles
2017-03-02 13:07 - 2016-06-14 17:36 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-03-02 12:48 - 2015-11-01 10:06 - 00000000 ____D C:\Users\Lukáš\Desktop\VŠ
2017-03-01 20:09 - 2015-11-01 10:06 - 00000731 _____ C:\Users\Lukáš\Desktop\Poznámky.txt
2017-02-27 15:23 - 2015-11-01 10:09 - 00000000 ____D C:\Users\Lukáš\Desktop\Hudba
2017-02-27 08:57 - 2009-07-14 06:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-26 15:03 - 2015-11-02 02:37 - 00000000 ____D C:\Windows\system32\MRT
2017-02-26 15:00 - 2015-11-02 02:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 22:13 - 2015-11-04 17:18 - 00000000 ____D C:\ProgramData\Skype
2017-02-20 18:13 - 2015-10-31 18:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-17 10:17 - 2016-06-28 08:37 - 00000000 ____D C:\Counter-Strike 1.6
2017-02-16 20:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-16 17:46 - 2015-11-01 00:32 - 00000000 ____D C:\Users\Lukáš\Documents\Bluetooth Folder
2017-02-16 17:15 - 2015-10-31 18:52 - 01567624 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-16 17:09 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-15 11:56 - 2015-10-31 18:28 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-14 13:28 - 2016-10-11 19:11 - 00000000 ____D C:\Users\Lukáš\Desktop\Masáže
2017-02-09 12:23 - 2017-01-24 10:57 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Rusted.cz
2017-02-08 14:41 - 2015-10-31 18:24 - 00000000 ____D C:\Users\Lukáš
2017-02-08 12:15 - 2015-10-31 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-08 11:55 - 2015-10-31 18:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-02 23:59 - 2015-11-04 17:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 18:47 - 2015-11-29 15:28 - 00000000 ____D C:\Windows\Minidump
2017-02-01 18:47 - 2015-11-01 18:46 - 00000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2017-02-01 18:38 - 2015-10-31 18:29 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-01 18:21 - 2015-11-05 17:28 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Adobe
2017-02-01 18:13 - 2017-01-13 10:47 - 00000000 ____D C:\Autodesk
2017-02-01 18:13 - 2015-11-13 17:42 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2017-02-01 18:13 - 2015-11-01 08:22 - 00000000 ____D C:\Program Files (x86)\AMD
2017-02-01 18:13 - 2015-11-01 08:18 - 00000000 ____D C:\AMD
2017-02-01 18:13 - 2015-10-31 18:37 - 00000000 ____D C:\Program Files (x86)\Webteh
2017-02-01 18:13 - 2009-07-14 04:20 - 00000000 ____D C:\PerfLogs
2017-02-01 17:42 - 2015-10-31 18:36 - 00000000 ____D C:\ProgramData\Adobe
2017-02-01 17:41 - 2015-11-05 17:28 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Adobe
2017-02-01 17:09 - 2015-10-31 18:32 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-01 17:09 - 2015-10-31 18:32 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-02-17 08:39 - 2017-03-02 15:16 - 0057444 _____ () C:\Program Files (x86)\metadata
2017-02-17 08:39 - 2017-03-03 08:38 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2017-01-19 09:47 - 2017-01-19 09:47 - 0000000 ___SH () C:\Users\Lukáš\AppData\Local\LumaEmu
2015-10-31 18:43 - 2015-10-31 18:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 00:19

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.76 GB) (Free:391.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Available physical RAM: 1746.8 MB
Total physical RAM: 3992.36 MB
Percentage of memory in use: 56%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 531C5CC6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Luk ç\Desktop" je 11940 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119671
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus removal

#4 Post by Rudy »

Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< (search) first and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Vydra
Visitor
Posts: 14
Joined: 02 Mar 2017 16:04

Re: Virus removal

#5 Post by Vydra »

I'm attaching the log:

# AdwCleaner v6.044 - Log vytvořen 03/03/2017 v 20:28:38
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-02.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Lukáš - LUKÁŠ-PC
# Spuštěno z : C:\Users\Lukáš\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: Apple_Cfg


***** [ Složky ] *****

[-] Složka smazána: C:\Users\Lukáš\AppData\Roaming\WiperSoft
[-] Složka smazána: C:\Program Files\WiperSoft
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiperSoft
[-] Složka smazána: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\users\UDPdp
[-] Složka smazána: C:\Program Files (x86)\reports


***** [ Soubory ] *****

[-] Soubor smazán: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán: C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL
[-] Soubor smazán: C:\Program Files (x86)\settings.dat
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat
[-] Soubor smazán: C:\ProgramData\APPLE\APPLE APPLICATION SUPPORT\SUPPORT.DLL


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Milimili


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Standucksc
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Standucksc
[-] Klíč smazán: HKU\.DEFAULT\Software\jhdbca
[-] Klíč smazán: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\WiperSoft
[-] Klíč smazán: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Standuck
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\jhdbca
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\WiperSoft
[#] Klíč smazán po restartu: HKCU\Software\Standuck
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\trotuxSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: HKLM\SOFTWARE\WinArcher
[-] Klíč smazán: HKLM\SOFTWARE\amisitesSoftware
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\Standuck
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\WiperSoft
[#] Klíč smazán po restartu: [x64] HKCU\Software\Standuck
[-] Klíč smazán: [x64] HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data obnovena: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Hodnota smazána: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]


***** [ Prohlížeče ] *****

[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Smazáno: hxxp://www.startpageing123.com/searchfavicon.ico


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5860 Bajty] - [03/03/2017 20:28:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [6873 Bajty] - [03/03/2017 20:26:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [6782 Bajty] - [03/03/2017 20:28:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6079 Bajty] ##########

Rudy
Site Admin
Posts: 119671
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus removal

#6 Post by Rudy »

Post a new FRST log.

Vydra
Visitor
Posts: 14
Registered: 02 Mar 2017 16:04

Re: Virus removal

#7 Post by Vydra »

New FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Lukáš (administrator) on LUKÁŠ-PC (03-03-2017 22:34:08)
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš (Available Profiles: Lukáš)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(AVAST Software) C:\Program Files\AVAST Software\Cleanup\CleanupSvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Lukáš\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [4060376 2014-10-22] (Realtek semiconductor)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2015-11-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2015-11-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2017-02-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-02-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Providers\mwyhtxtg: C:\Program Files (x86)\Clerfghtsterfiry Monitor\local64spl.dll
ShellExecuteHooks: No Name - {75D826D8-DE46-11E6-A83F-64006A5CFC23} - C:\Users\Lukáš\AppData\Roaming\Arekotugoght\Atuzercult.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! Cleanup.lnk [2017-02-08]
ShortcutTarget: avast! Cleanup.lnk -> C:\Program Files\AVAST Software\Cleanup\CleanupUI.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2015-12-04]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2015-12-04]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7FD8F8C8-D55C-4944-964A-A88405C35632}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-03-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-02-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxps://www.seznam.cz/
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.seznam.cz/"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> seznam.cz
CHR DefaultSuggestURL: ChromeDefaultData -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-03] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Vyhledávání Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-02]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-02] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-10-27] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-02] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 CleanupSvc; C:\Program Files\AVAST Software\Cleanup\CleanupSvc.exe [2331208 2016-07-29] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-09-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-10-27] (Atheros) [File not signed]
S2 CxAudMsg; no ImagePath
S2 Kyubey; C:\Users\Lukáš\AppData\Roaming\Kyubey\Kyubey.exe -s [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-03-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-03-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-03-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-03-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-03-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-03-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-03-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-03-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-03-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-03-02] (AVAST Software)
S3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (AVerMedia TECHNOLOGIES, Inc.)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-10-27] (Qualcomm Atheros)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-10-31] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2584280 2014-10-22] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S1 p1486192861am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7A62.tmp\p1486192861am.sys [X] <==== ATTENTION
S1 p1486192907am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk2B78.tmp\p1486192907am.sys [X] <==== ATTENTION
S1 p1486192993am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7CF1.tmp\p1486192993am.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 22:34 - 2017-03-03 22:34 - 00017947 _____ C:\Users\Lukáš\Desktop\FRST.txt
2017-03-03 20:32 - 2017-03-03 22:30 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-03 20:32 - 2017-03-03 20:32 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-03 20:24 - 2017-03-03 20:28 - 00000000 ____D C:\AdwCleaner
2017-03-03 20:23 - 2017-03-03 20:23 - 04031440 _____ C:\Users\Lukáš\Desktop\adwcleaner_6.044.exe
2017-03-03 08:43 - 2017-03-03 22:34 - 00000000 ____D C:\FRST
2017-03-03 08:42 - 2017-03-03 08:42 - 00112640 _____ (forum.viry.cz) C:\Users\Lukáš\Desktop\FRSTLauncher.exe
2017-03-03 08:41 - 2017-03-03 08:41 - 02423808 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2017-03-02 15:45 - 2017-03-02 15:45 - 00023664 _____ C:\Users\Lukáš\Desktop\ComboFix 1.txt
2017-03-02 15:45 - 2017-03-02 15:45 - 00016712 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP113.SYS
2017-03-02 15:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-02 15:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-02 15:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-02 15:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2017-03-02 15:26 - 2017-03-02 15:45 - 00000000 ____D C:\Qoobox
2017-03-02 15:25 - 2017-03-02 15:42 - 00000000 ____D C:\Windows\erdnt
2017-03-02 15:23 - 2017-03-02 15:23 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-02 15:23 - 2017-03-02 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-02 15:23 - 2017-03-02 15:23 - 00000000 ____D C:\Program Files\CCleaner
2017-03-02 15:19 - 2017-03-02 15:19 - 05660168 ____R (Swearware) C:\Users\Lukáš\Desktop\ComboFix.exe
2017-03-02 15:03 - 2017-03-02 15:03 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-02 13:18 - 2017-03-02 13:18 - 00023032 _____ (Wiper Software) C:\Windows\system32\wiperrm.exe
2017-03-02 13:07 - 2017-03-02 13:07 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-20 17:44 - 2017-02-20 18:13 - 00000000 ____D C:\Users\Lukáš\Desktop\Rust
2017-02-17 08:43 - 2017-03-03 20:28 - 00000000 ____D C:\Windows\system32\log
2017-02-17 08:39 - 2017-03-02 15:16 - 00057444 _____ C:\Program Files (x86)\metadata
2017-02-17 08:38 - 2017-02-17 08:40 - 00000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2017-02-17 08:38 - 2017-02-17 08:38 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Mozilla
2017-02-17 08:38 - 2017-02-17 08:38 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Firefox
2017-02-16 20:11 - 2017-02-16 20:11 - 00002948 _____ C:\Windows\System32\Tasks\{A2F8C555-A29C-45A2-9B1E-BC01362439F2}
2017-02-16 20:06 - 2017-02-16 20:06 - 00002948 _____ C:\Windows\System32\Tasks\{4F408ABF-63AF-4706-8A7F-1111ABDAA3C8}
2017-02-16 16:42 - 2017-02-16 16:42 - 00002948 _____ C:\Windows\System32\Tasks\{A90A248C-5D65-4DE9-ACBE-7B580221FC39}
2017-02-16 16:29 - 2017-02-16 16:29 - 00003200 _____ C:\Windows\System32\Tasks\{2C734814-0A86-44E1-BD23-540506060631}
2017-02-09 11:42 - 2017-02-09 11:42 - 00003138 _____ C:\Windows\System32\Tasks\{22B08A4D-BEDB-4000-AA7D-2C6F79399ED4}
2017-02-09 09:13 - 2017-02-09 09:13 - 00000000 ____D C:\Users\Lukáš\AppData\Local\CrashRpt
2017-02-09 07:13 - 2017-02-09 07:13 - 00000000 ____D C:\$AV_ASW
2017-02-08 12:15 - 2017-02-08 12:15 - 00003924 _____ C:\Windows\System32\Tasks\avast! Cleanup Update
2017-02-08 12:00 - 2017-03-02 13:09 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1466054041
2017-02-08 11:57 - 2017-03-02 13:07 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-08 11:57 - 2017-03-02 13:06 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-08 11:57 - 2017-03-02 13:06 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-08 11:57 - 2017-03-02 13:06 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-08 11:57 - 2017-03-02 13:06 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-06 15:12 - 2017-02-06 15:18 - 00000000 ____D C:\Windows\system32\appmgmt
2017-02-04 11:15 - 2017-02-04 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-01 18:38 - 2017-02-14 09:05 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Cache
2017-02-01 18:38 - 2017-02-01 18:38 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\log
2017-02-01 18:13 - 2017-02-01 18:13 - 00006008 _____ C:\Windows\System32\Tasks\Clerfghtsterfiry Monitor
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\Users\Luk£レ\AppData\Local\Gruvph
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\Users\Luk£レ
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\ProgramData\Avira
2017-02-01 18:13 - 2017-02-01 18:13 - 00000000 ____D C:\ProgramData\Avg
2017-02-01 17:42 - 2017-02-01 17:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-02-01 17:42 - 2017-02-01 17:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 20:49 - 2011-04-12 09:34 - 00672084 _____ C:\Windows\system32\perfh005.dat
2017-03-03 20:49 - 2011-04-12 09:34 - 00142648 _____ C:\Windows\system32\perfc005.dat
2017-03-03 20:49 - 2009-07-14 06:13 - 01591974 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-03 20:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-03 20:43 - 2015-11-01 10:06 - 00000692 _____ C:\Users\Lukáš\Desktop\Poznámky.txt
2017-03-03 20:41 - 2015-11-04 17:19 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Skype
2017-03-03 20:38 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 20:38 - 2009-07-14 05:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-03 20:31 - 2015-11-01 08:14 - 00000000 __SHD C:\Users\Lukáš\IntelGraphicsProfiles
2017-03-03 20:30 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-03 20:26 - 2015-11-01 18:46 - 00000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2017-03-03 19:05 - 2015-11-01 10:06 - 00000000 ____D C:\Users\Lukáš\Desktop\VŠ
2017-03-02 22:13 - 2015-11-18 13:16 - 00000000 ____D C:\Users\Lukáš\AppData\Local\ElevatedDiagnostics
2017-03-02 15:38 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2017-03-02 15:21 - 2015-10-31 18:39 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\DAEMON Tools Lite
2017-03-02 15:21 - 2015-10-31 18:16 - 00000000 ____D C:\Windows\Panther
2017-03-02 15:03 - 2015-10-31 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-02 13:07 - 2016-06-14 17:36 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-03-02 13:07 - 2015-10-31 18:32 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-27 15:23 - 2015-11-01 10:09 - 00000000 ____D C:\Users\Lukáš\Desktop\Hudba
2017-02-27 08:57 - 2009-07-14 06:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-26 15:03 - 2015-11-02 02:37 - 00000000 ____D C:\Windows\system32\MRT
2017-02-26 15:00 - 2015-11-02 02:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 22:13 - 2015-11-04 17:18 - 00000000 ____D C:\ProgramData\Skype
2017-02-20 18:13 - 2015-10-31 18:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-17 10:17 - 2016-06-28 08:37 - 00000000 ____D C:\Counter-Strike 1.6
2017-02-16 20:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-16 17:46 - 2015-11-01 00:32 - 00000000 ____D C:\Users\Lukáš\Documents\Bluetooth Folder
2017-02-16 17:15 - 2015-10-31 18:52 - 01567624 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-16 17:09 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-15 11:56 - 2015-10-31 18:28 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-14 13:28 - 2016-10-11 19:11 - 00000000 ____D C:\Users\Lukáš\Desktop\Masáže
2017-02-09 12:23 - 2017-01-24 10:57 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Rusted.cz
2017-02-08 14:41 - 2015-10-31 18:24 - 00000000 ____D C:\Users\Lukáš
2017-02-08 12:15 - 2015-10-31 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-08 11:55 - 2015-10-31 18:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-02 23:59 - 2015-11-04 17:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-01 18:47 - 2015-11-29 15:28 - 00000000 ____D C:\Windows\Minidump
2017-02-01 18:38 - 2015-10-31 18:29 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-01 18:21 - 2015-11-05 17:28 - 00000000 ____D C:\Users\Lukáš\AppData\Local\Adobe
2017-02-01 18:13 - 2017-01-13 10:47 - 00000000 ____D C:\Autodesk
2017-02-01 18:13 - 2015-11-13 17:42 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2017-02-01 18:13 - 2015-11-01 08:22 - 00000000 ____D C:\Program Files (x86)\AMD
2017-02-01 18:13 - 2015-11-01 08:18 - 00000000 ____D C:\AMD
2017-02-01 18:13 - 2015-10-31 18:37 - 00000000 ____D C:\Program Files (x86)\Webteh
2017-02-01 18:13 - 2009-07-14 04:20 - 00000000 ____D C:\PerfLogs
2017-02-01 17:42 - 2015-10-31 18:36 - 00000000 ____D C:\ProgramData\Adobe
2017-02-01 17:41 - 2015-11-05 17:28 - 00000000 ____D C:\Users\Lukáš\AppData\Roaming\Adobe
2017-02-01 17:09 - 2015-10-31 18:32 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-01 17:09 - 2015-10-31 18:32 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-02-17 08:39 - 2017-03-02 15:16 - 0057444 _____ () C:\Program Files (x86)\metadata
2017-03-03 20:32 - 2017-03-03 22:30 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2017-01-19 09:47 - 2017-01-19 09:47 - 0000000 ___SH () C:\Users\Lukáš\AppData\Local\LumaEmu
2015-10-31 18:43 - 2015-10-31 18:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 00:19

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.76 GB) (Free:395.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Available physical RAM: 2382.98 MB
Total physical RAM: 3992.36 MB
Percentage of memory in use: 40%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 531C5CC6)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Luk ç\Desktop" je 8308 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119671
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus removal

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Profile: C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-03] <==== ATTENTION
S2 CxAudMsg; no ImagePath
S1 p1486192861am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7A62.tmp\p1486192861am.sys [X] <==== ATTENTION
S1 p1486192907am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk2B78.tmp\p1486192907am.sys [X] <==== ATTENTION
S1 p1486192993am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7CF1.tmp\p1486192993am.sys [X] <==== ATTENTION
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\Luk ç\Desktop" je 8308 MB.
That is too much and may be causing a slow system start. In C:\Users\Luk ç create a new folder and move all the data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Vydra
Visitor
Posts: 14
Registered: 02 Mar 2017 16:04

Re: Virus removal

#9 Post by Vydra »

I am attaching the Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Lukáš (04-03-2017 11:44:15) Run:1
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš (Available Profiles: Lukáš)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Profile: C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-03] <==== ATTENTION
S2 CxAudMsg; no ImagePath
S1 p1486192861am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7A62.tmp\p1486192861am.sys [X] <==== ATTENTION
S1 p1486192907am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk2B78.tmp\p1486192907am.sys [X] <==== ATTENTION
S1 p1486192993am; \??\C:\Users\LUK~1\AppData\Local\Temp\bk7CF1.tmp\p1486192993am.sys [X] <==== ATTENTION
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
*****************

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\CxAudMsg => key removed successfully
CxAudMsg => service removed successfully
HKLM\System\CurrentControlSet\Services\p1486192861am => key removed successfully
p1486192861am => service removed successfully
HKLM\System\CurrentControlSet\Services\p1486192907am => key removed successfully
p1486192907am => service removed successfully
HKLM\System\CurrentControlSet\Services\p1486192993am => key removed successfully
p1486192993am => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9344677 B
Java, Flash, Steam htmlcache => 577 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43382349 B
systemprofile32 => 55307642 B
LocalService => 66228 B
NetworkService => 66228 B
Lukáš => 3022278 B

RecycleBin => 0 B
EmptyTemp: => 114.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:44:21 ====

Rudy
Site Admin
Posts: 119671
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus removal

#10 Post by Rudy »

Deleted. Has anything changed?

Vydra
Visitor
Posts: 14
Registered: 02 Mar 2017 16:04

Re: Virus removal

#11 Post by Vydra »

Faster laptop performance and deletion of the records from the browser.

Rudy
Site Admin
Posts: 119671
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus removal

#12 Post by Rudy »

To be sure, also run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Vydra
Visitor
Posts: 14
Registered: 02 Mar 2017 16:04

Re: Virus removal

#13 Post by Vydra »

https://ctrlv.cz/dwOV

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 04.03.17
Čas skenování: 12:27
Logovací soubor: test.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1424
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Luk\u00c3\u00a1\u00c5\u00a1-PC\Luk\u00c3\u00a1\u00c5\u00a1

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 389194
Uplynulý čas: 2 min, 40 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 3
PUP.Optional.AshampooRegistryCleaner, HKU\S-1-5-21-2564799030-1136092162-2998420998-1000\SOFTWARE\AML\Registry Cleaner, Smazání při restartu, [2972], [354941],1.0.1424
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971}, Smazání při restartu, [305], [375406],1.0.1424
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\mwyhtxtg, Smazání při restartu, [2098], [339986],1.0.1424

Hodnota v registru: 1
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\mwyhtxtg|NAME, Smazání při restartu, [2098], [339986],1.0.1424

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 119671
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus removal

#14 Post by Rudy »

Delete all the MBAM findings; with that, the PC should be clean.

Vydra
Visitor
Posts: 14
Registered: 02 Mar 2017 16:04

Re: Virus removal

#15 Post by Vydra »

Thank you for the help. Could you please recommend an antivirus, or another program, that would prevent these problems? Thank you.
