Financial malware

Financial malware

#1 Post by Lukyman »

Hello, KB called me to say that when I logged into my internet banking they detected financial malware on my computer. Please check it. To be safe I also ran a full scan with Avira; the only thing it found was HiSuite (software from Huawei; it seems like nonsense to me, so I haven't deleted it yet).

Thank you
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
Ran by Balda (administrator) on BALDUVKOMP (13-06-2017 16:12:06)
Running from C:\Users\Balda\Desktop\Plocha
Loaded Profiles: Balda (Available Profiles: Balda)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
() C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files (x86)\ATK Hotkey\MsgTranAgt64.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD radeon\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD radeon\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5641728 2017-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2017-02-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-18] (Logitech Inc.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-03-13] (Motorola Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD radeon\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2017-02-22] ()
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [25256 2016-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-08-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BAMDAPP] => C:\ProgramData\AMD APP\BAMDAPP.exe [289280 2017-06-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-11-16] (AMD)
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {a8f0d074-3bb9-11e7-8c2c-001fc6782e9b} - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {c21d2053-fa32-11e6-95d5-001fc6782e9b} - F:\HiSuiteDownLoader.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files (x86)\Avira\Antivirus\avsda.dll [507984 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [62976 2008-01-21] (Společnost Microsoft)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 20 C:\Program Files (x86)\Avira\Antivirus\avsda64.dll [523344 2016-08-18] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{11F51D6B-3852-4C13-9609-7753551F9A79}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

FireFox:
========
FF DefaultProfile: m30yb66e.default
FF ProfilePath: C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default [2017-06-13]
FF Homepage: Mozilla\Firefox\Profiles\m30yb66e.default -> http://www.seznam.cz
FF Extension: (Avira Browser Safety) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\abs@avira.com [2017-06-13]
FF Extension: (YouTube mp3) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\info@youtube-mp3.org.xpi [2017-02-24]
FF Extension: (Dark YouTube Theme) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2017-04-16]
FF Extension: (Personas Plus) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\personas@christopher.beard.xpi [2017-05-18]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\safesearchplus2@avira.com [2017-06-13]
FF Extension: (Adblock Plus) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-05-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default [2017-05-08]
CHR Extension: (Prezentace Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-02]
CHR Extension: (Dokumenty Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-02]
CHR Extension: (Disk Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-02]
CHR Extension: (YouTube) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-02]
CHR Extension: (Tabulky Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR Extension: (Gmail) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-02]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc.exe [970632 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] () [File not signed]
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-18] (Logitech Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-08-18] (Avira Operations GmbH & Co. KG)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [275432 2009-04-11] (Společnost Microsoft)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 iaNvStor; C:\Windows\System32\drivers\ianvstor.sys [332824 2008-07-21] (Intel Corporation)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [8704 2017-02-22] (JMicron )
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2008-01-21] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1515496 2009-04-11] (Společnost Microsoft)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-03-13] (Motorola Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 16:11 - 2017-06-13 16:12 - 00000000 ____D C:\FRST
2017-06-13 14:23 - 2017-06-13 15:57 - 00000000 ____D C:\ProgramData\AMD APP
2017-06-13 14:13 - 2017-06-13 14:13 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Avira
2017-06-13 14:11 - 2016-08-18 15:52 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-13 14:11 - 2016-08-18 15:52 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-13 14:11 - 2016-08-18 15:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-13 14:09 - 2017-06-13 14:09 - 00003364 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray
2017-06-13 14:09 - 2017-06-13 14:09 - 00001050 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2017-06-13 14:09 - 2017-06-13 14:09 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-13 14:08 - 2017-06-13 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-13 14:08 - 2017-06-13 14:12 - 00000000 ____D C:\ProgramData\Avira
2017-06-13 14:08 - 2017-06-13 14:11 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-13 14:08 - 2017-06-13 14:08 - 00001041 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2017-06-13 13:55 - 2017-06-13 13:55 - 00096123 _____ C:\ProgramData\1497354801.bdinstall.bin
2017-06-13 13:53 - 2017-06-13 13:53 - 00036495 _____ C:\ProgramData\1497354800.bdinstall.bin
2017-06-13 11:39 - 2017-06-13 11:39 - 00200880 _____ C:\ProgramData\1497346609.bdinstall.bin
2017-06-13 11:36 - 2017-06-13 11:37 - 00000000 ____D C:\Users\Balda\AppData\Roaming\QuickScan
2017-06-13 11:34 - 2017-06-13 11:34 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-06-13 11:32 - 2017-06-13 11:32 - 00013339 _____ C:\ProgramData\agent.1497346363.bdinstall.bin
2017-06-13 11:32 - 2017-06-13 11:32 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-06-12 22:54 - 2017-06-13 16:12 - 00000000 ____D C:\Users\Balda\Desktop\Plocha
2017-06-12 21:50 - 2017-06-13 14:22 - 00000000 ____D C:\ProgramData\HiSuite
2017-06-08 15:05 - 2017-06-08 15:05 - 00000000 ____D C:\Users\Balda\AppData\Roaming\WinRAR
2017-06-05 20:15 - 2017-06-05 20:15 - 00000830 _____ C:\Users\Public\Desktop\HiSuite.lnk
2017-06-05 20:15 - 2017-06-05 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2017-06-05 20:15 - 2017-04-11 04:17 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2017-06-05 20:14 - 2017-06-05 20:15 - 00000000 ____D C:\Program Files (x86)\HiSuite
2017-06-05 20:13 - 2017-06-05 20:15 - 00000000 ____D C:\Users\Balda\AppData\Local\Hisuite
2017-06-05 20:13 - 2017-06-05 20:13 - 00000000 ____D C:\Users\Balda\Documents\HiSuite
2017-06-05 20:13 - 2017-04-11 04:17 - 02152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2017-06-05 20:13 - 2017-04-11 04:17 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2017-06-05 20:13 - 2017-04-11 04:17 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2017-06-05 20:13 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-06-05 15:29 - 2017-06-05 17:22 - 00000000 ____D C:\Users\Balda\AppData\Roaming\vlc
2017-06-05 15:28 - 2017-06-05 15:28 - 00000901 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-01 18:04 - 2017-06-02 20:13 - 00000000 ____D C:\Users\Balda\Desktop\basket

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 16:01 - 2017-02-22 08:50 - 00000000 ____D C:\Users\Balda\AppData\LocalLow\Mozilla
2017-06-13 16:01 - 2009-04-13 18:07 - 01530430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-13 16:01 - 2009-04-13 18:06 - 00644548 _____ C:\Windows\system32\perfh005.dat
2017-06-13 16:01 - 2009-04-13 18:06 - 00137186 _____ C:\Windows\system32\perfc005.dat
2017-06-13 16:01 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\inf
2017-06-13 15:57 - 2006-11-02 17:22 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-13 15:57 - 2006-11-02 17:22 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-13 15:56 - 2017-02-22 12:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-13 15:56 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 15:56 - 2006-11-02 17:21 - 00300752 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-13 15:50 - 2017-02-22 08:51 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-06-13 15:50 - 2006-11-02 17:42 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-13 15:17 - 2017-02-22 08:47 - 00068160 _____ C:\Users\Balda\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-13 15:00 - 2017-02-22 09:26 - 00000000 ____D C:\Users\Balda\AppData\Roaming\uTorrent
2017-06-13 14:08 - 2017-02-22 12:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-13 13:58 - 2017-03-08 01:38 - 00000000 ____D C:\Users\Balda\Desktop\seriály
2017-06-13 13:35 - 2017-02-22 19:39 - 01508278 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-13 11:43 - 2017-02-23 03:59 - 00000000 ____D C:\Users\Balda\Desktop\wsusoffline
2017-06-13 11:38 - 2017-02-22 08:46 - 00000000 ____D C:\Users\Balda
2017-06-13 01:40 - 2017-02-22 23:00 - 00028249 _____ C:\Users\Balda\Desktop\Saab 9-5 aero.ods
2017-06-12 19:53 - 2017-03-09 03:32 - 00000000 ____D C:\Users\Balda\Desktop\hudba
2017-06-09 01:42 - 2017-03-08 01:41 - 00000000 ____D C:\Users\Balda\Desktop\filmy
2017-06-08 15:04 - 2017-02-22 09:23 - 00000000 ____D C:\Program Files (x86)\programy
2017-06-05 20:19 - 2017-02-22 10:12 - 00001912 _____ C:\Windows\epplauncher.mif
2017-05-30 20:17 - 2017-02-24 03:42 - 00000000 ___SD C:\Users\Balda\AppData\LocalLow\Temp
2017-05-23 18:26 - 2017-02-22 12:05 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-23 18:26 - 2017-02-22 12:05 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-23 18:26 - 2017-02-22 12:05 - 00004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-23 18:26 - 2017-02-22 12:05 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-23 18:26 - 2017-02-22 12:04 - 00000000 ____D C:\Users\Balda\AppData\Local\Adobe
2017-05-22 11:49 - 2017-02-22 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-21 21:18 - 2017-02-22 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2017-02-22 10:59 - 2017-02-25 04:14 - 0000624 _____ () C:\Users\Balda\AppData\Roaming\All CPU MeterV3_Settings.ini
2017-02-22 08:47 - 2017-02-22 09:41 - 0000732 _____ () C:\Users\Balda\AppData\Local\d3d9caps64.dat
2017-02-22 09:07 - 2017-02-22 09:08 - 0230168 _____ () C:\Users\Balda\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2017-02-22 09:07 - 2017-02-22 09:07 - 0000002 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35error.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 0000002 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35error_lp.txt
2017-02-22 09:07 - 2017-02-22 09:09 - 0231912 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35install.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 0077624 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35install_lp.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 0624052 _____ () C:\Users\Balda\AppData\Local\dd_NET_Framework35_LangPack_MSI2435.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 1927726 _____ () C:\Users\Balda\AppData\Local\dd_NET_Framework35_x64_MSI23F1.txt
2017-02-22 09:07 - 2017-02-22 09:09 - 0006172 _____ () C:\Users\Balda\AppData\Local\uxeventlog.txt
2017-06-13 11:39 - 2017-06-13 11:39 - 0200880 _____ () C:\ProgramData\1497346609.bdinstall.bin
2017-06-13 13:53 - 2017-06-13 13:53 - 0036495 _____ () C:\ProgramData\1497354800.bdinstall.bin
2017-06-13 13:55 - 2017-06-13 13:55 - 0096123 _____ () C:\ProgramData\1497354801.bdinstall.bin
2017-06-13 11:32 - 2017-06-13 11:32 - 0013339 _____ () C:\ProgramData\agent.1497346363.bdinstall.bin

Some files in TEMP:
====================
2017-06-13 14:12 - 2017-06-13 14:12 - 0000000 ____D () C:\Users\Balda\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-13 16:02

==================== End of FRST.txt ============================
Attachments
Addition.zip
(7.79 KiB) Downloaded 101 times


Re: Financial malware

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; post it here.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.


Re: Financial malware

#3 Post by Lukyman »

# AdwCleaner v6.047 - Log vytvořen 13/06/2017 v 18:05:34
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-06-13.2 [Místní]
# Operační systém : Windows (TM) Vista Home Premium Service Pack 2 (X64)
# Uživatelské jméno : Balda - BALDUVKOMP
# Spuštěno z : C:\Users\Balda\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[#] Složka smazána po restartu: C:\Users\Balda\AppData\Roaming\DriverPack Notifier
[#] Složka smazána po restartu: C:\Users\Balda\AppData\Roaming\DRPSu
[#] Složka smazána po restartu: C:\Program Files (x86)\DriverPack Notifier
[#] Složka smazána po restartu: C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\extensions\safesearchplus2@avira.com


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Balda\AppData\Local\Microsoft\Internet Explorer\DOMStore\TZO02JNZ\gamingwonderland.dl.tb.ask[1].xml
[-] Soubor smazán: C:\Users\Balda\AppData\Local\Microsoft\Internet Explorer\DOMStore\CI1XS2E4\translationbuddy.dl.tb.ask[1].xml
[-] Soubor smazán: C:\Users\Balda\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE6D2OOV\translationbuddy.dl.myway[1].xml
[-] Soubor smazán: C:\Users\Balda\AppData\Local\Microsoft\Internet Explorer\DOMStore\A5ELF0YP\gamingwonderland.dl.myway[1].xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: DriverPack Notifier


***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Klíč smazán: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\csastats
[-] Klíč smazán: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\ICSW1.23
[-] Klíč smazán: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\drpsu
[-] Klíč smazán: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverPack Notifier
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\csastats
[#] Klíč smazán po restartu: HKCU\Software\ICSW1.23
[#] Klíč smazán po restartu: HKCU\Software\drpsu
[-] Klíč smazán: HKLM\SOFTWARE\drpsu
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverPack Notifier
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverPack Notifier
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\csastats
[#] Klíč smazán po restartu: [x64] HKCU\Software\ICSW1.23
[#] Klíč smazán po restartu: [x64] HKCU\Software\drpsu
[-] Klíč smazán: [x64] HKLM\SOFTWARE\drpsu
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DriverPack Notifier
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3809 Bajty] - [13/06/2017 18:05:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [3912 Bajty] - [13/06/2017 18:01:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3955 Bajty] ##########

Rudy
Site Admin
Posts: 119465
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Financial malware

#4 Post by Rudy »

Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Lukyman
Guest
Posts: 46
Registered: 27 Oct 2011 14:51

Re: Financial malware

#5 Post by Lukyman »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
Ran by Balda (administrator) on BALDUVKOMP (13-06-2017 18:37:56)
Running from C:\Users\Balda\Desktop\Plocha
Loaded Profiles: Balda (Available Profiles: Balda)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files (x86)\ATK Hotkey\AsLdrSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe
() C:\Program Files (x86)\ATK Hotkey\MsgTranAgt64.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD radeon\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD radeon\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5641728 2017-02-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2017-02-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-18] (Logitech Inc.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-03-13] (Motorola Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD radeon\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2017-02-22] ()
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [25256 2016-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-08-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BAMDAPP] => C:\ProgramData\AMD APP\BAMDAPP.exe [289280 2017-06-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {a8f0d074-3bb9-11e7-8c2c-001fc6782e9b} - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {c21d2053-fa32-11e6-95d5-001fc6782e9b} - F:\HiSuiteDownLoader.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [62976 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{11F51D6B-3852-4C13-9609-7753551F9A79}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: m30yb66e.default
FF ProfilePath: C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default [2017-06-13]
FF Homepage: Mozilla\Firefox\Profiles\m30yb66e.default -> www.seznam.cz
FF Extension: (Avira Browser Safety) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\abs@avira.com [2017-06-13]
FF Extension: (YouTube mp3) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\info@youtube-mp3.org.xpi [2017-02-24]
FF Extension: (Dark YouTube Theme) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2017-04-16]
FF Extension: (Personas Plus) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\personas@christopher.beard.xpi [2017-05-18]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\safesearchplus2@avira.com [2017-06-13]
FF Extension: (Adblock Plus) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\Balda\AppData\Roaming\Mozilla\Firefox\Profiles\m30yb66e.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-05-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2007-11-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default [2017-05-08]
CHR Extension: (Prezentace Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-02]
CHR Extension: (Dokumenty Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-02]
CHR Extension: (Disk Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-02]
CHR Extension: (YouTube) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-02]
CHR Extension: (Tabulky Google) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-26]
CHR Extension: (Gmail) - C:\Users\Balda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-13] (Adobe Systems Incorporated) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc.exe [970632 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-08-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\AVWEBGRD.EXE [1253352 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] () [File not signed]
S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-18] (Logitech Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-08-18] (Avira Operations GmbH & Co. KG)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [275432 2009-04-11] (Společnost Microsoft)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 iaNvStor; C:\Windows\System32\drivers\ianvstor.sys [332824 2008-07-21] (Intel Corporation)
R0 JGOGO; C:\Windows\System32\DRIVERS\JGOGO.sys [8704 2017-02-22] (JMicron )
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2008-01-21] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1515496 2009-04-11] (Společnost Microsoft)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-03-13] (Motorola Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 18:00 - 2017-06-13 18:05 - 00000000 ____D C:\AdwCleaner
2017-06-13 17:59 - 2017-06-13 17:59 - 04110280 _____ C:\Users\Balda\Desktop\adwcleaner_6.047.exe
2017-06-13 16:19 - 2017-06-13 16:19 - 00000000 ____D C:\Users\Balda\AppData\Local\ESET
2017-06-13 16:11 - 2017-06-13 18:37 - 00000000 ____D C:\FRST
2017-06-13 14:23 - 2017-06-13 17:59 - 00000000 ____D C:\ProgramData\AMD APP
2017-06-13 14:13 - 2017-06-13 14:13 - 00000000 ____D C:\Users\Balda\AppData\Roaming\Avira
2017-06-13 14:11 - 2016-08-18 15:52 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-13 14:11 - 2016-08-18 15:52 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-13 14:11 - 2016-08-18 15:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-13 14:09 - 2017-06-13 14:09 - 00003364 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray
2017-06-13 14:09 - 2017-06-13 14:09 - 00001050 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2017-06-13 14:09 - 2017-06-13 14:09 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-13 14:08 - 2017-06-13 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-13 14:08 - 2017-06-13 14:12 - 00000000 ____D C:\ProgramData\Avira
2017-06-13 14:08 - 2017-06-13 14:11 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-13 14:08 - 2017-06-13 14:08 - 00001041 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2017-06-13 13:55 - 2017-06-13 13:55 - 00096123 _____ C:\ProgramData\1497354801.bdinstall.bin
2017-06-13 13:53 - 2017-06-13 13:53 - 00036495 _____ C:\ProgramData\1497354800.bdinstall.bin
2017-06-13 11:39 - 2017-06-13 11:39 - 00200880 _____ C:\ProgramData\1497346609.bdinstall.bin
2017-06-13 11:36 - 2017-06-13 11:37 - 00000000 ____D C:\Users\Balda\AppData\Roaming\QuickScan
2017-06-13 11:34 - 2017-06-13 11:34 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-06-13 11:32 - 2017-06-13 11:32 - 00013339 _____ C:\ProgramData\agent.1497346363.bdinstall.bin
2017-06-13 11:32 - 2017-06-13 11:32 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-06-12 22:54 - 2017-06-13 18:00 - 00000000 ____D C:\Users\Balda\Desktop\Plocha
2017-06-12 21:50 - 2017-06-13 16:29 - 00000000 ____D C:\ProgramData\HiSuite
2017-06-08 15:05 - 2017-06-08 15:05 - 00000000 ____D C:\Users\Balda\AppData\Roaming\WinRAR
2017-06-05 20:15 - 2017-06-05 20:15 - 00000830 _____ C:\Users\Public\Desktop\HiSuite.lnk
2017-06-05 20:15 - 2017-06-05 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2017-06-05 20:15 - 2017-04-11 04:17 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00226560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00127360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2017-06-05 20:15 - 2017-04-11 04:17 - 00018944 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2017-06-05 20:14 - 2017-06-05 20:15 - 00000000 ____D C:\Program Files (x86)\HiSuite
2017-06-05 20:13 - 2017-06-05 20:15 - 00000000 ____D C:\Users\Balda\AppData\Local\Hisuite
2017-06-05 20:13 - 2017-06-05 20:13 - 00000000 ____D C:\Users\Balda\Documents\HiSuite
2017-06-05 20:13 - 2017-04-11 04:17 - 02152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2017-06-05 20:13 - 2017-04-11 04:17 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2017-06-05 20:13 - 2017-04-11 04:17 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2017-06-05 20:13 - 2009-07-15 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-06-05 15:29 - 2017-06-05 17:22 - 00000000 ____D C:\Users\Balda\AppData\Roaming\vlc
2017-06-05 15:28 - 2017-06-05 15:28 - 00000901 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-06-01 18:04 - 2017-06-02 20:13 - 00000000 ____D C:\Users\Balda\Desktop\basket

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 18:11 - 2009-04-13 18:07 - 01530430 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-13 18:11 - 2009-04-13 18:06 - 00644548 _____ C:\Windows\system32\perfh005.dat
2017-06-13 18:11 - 2009-04-13 18:06 - 00137186 _____ C:\Windows\system32\perfc005.dat
2017-06-13 18:11 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\inf
2017-06-13 18:07 - 2017-02-22 08:50 - 00000000 ____D C:\Users\Balda\AppData\LocalLow\Mozilla
2017-06-13 18:07 - 2006-11-02 17:22 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-13 18:07 - 2006-11-02 17:22 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-13 18:06 - 2017-02-22 08:51 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-06-13 18:06 - 2006-11-02 17:42 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-13 18:06 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 18:02 - 2017-02-22 12:05 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-13 18:02 - 2017-02-22 12:05 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-13 18:02 - 2017-02-22 12:05 - 00004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-13 18:02 - 2017-02-22 12:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-13 18:02 - 2017-02-22 12:05 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-13 17:59 - 2017-03-08 01:38 - 00000000 ____D C:\Users\Balda\Desktop\seriály
2017-06-13 15:56 - 2006-11-02 17:21 - 00300752 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-13 15:17 - 2017-02-22 08:47 - 00068160 _____ C:\Users\Balda\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-13 15:00 - 2017-02-22 09:26 - 00000000 ____D C:\Users\Balda\AppData\Roaming\uTorrent
2017-06-13 14:08 - 2017-02-22 12:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-13 13:35 - 2017-02-22 19:39 - 01508278 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-13 11:43 - 2017-02-23 03:59 - 00000000 ____D C:\Users\Balda\Desktop\wsusoffline
2017-06-13 11:38 - 2017-02-22 08:46 - 00000000 ____D C:\Users\Balda
2017-06-13 01:40 - 2017-02-22 23:00 - 00028249 _____ C:\Users\Balda\Desktop\Saab 9-5 aero.ods
2017-06-12 19:53 - 2017-03-09 03:32 - 00000000 ____D C:\Users\Balda\Desktop\hudba
2017-06-09 01:42 - 2017-03-08 01:41 - 00000000 ____D C:\Users\Balda\Desktop\filmy
2017-06-08 15:04 - 2017-02-22 09:23 - 00000000 ____D C:\Program Files (x86)\programy
2017-06-05 20:19 - 2017-02-22 10:12 - 00001912 _____ C:\Windows\epplauncher.mif
2017-05-30 20:17 - 2017-02-24 03:42 - 00000000 ___SD C:\Users\Balda\AppData\LocalLow\Temp
2017-05-23 18:26 - 2017-02-22 12:04 - 00000000 ____D C:\Users\Balda\AppData\Local\Adobe
2017-05-22 11:49 - 2017-02-22 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-21 21:18 - 2017-02-22 08:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2017-02-22 10:59 - 2017-02-25 04:14 - 0000624 _____ () C:\Users\Balda\AppData\Roaming\All CPU MeterV3_Settings.ini
2017-02-22 08:47 - 2017-02-22 09:41 - 0000732 _____ () C:\Users\Balda\AppData\Local\d3d9caps64.dat
2017-02-22 09:07 - 2017-02-22 09:08 - 0230168 _____ () C:\Users\Balda\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2017-02-22 09:07 - 2017-02-22 09:07 - 0000002 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35error.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 0000002 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35error_lp.txt
2017-02-22 09:07 - 2017-02-22 09:09 - 0231912 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35install.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 0077624 _____ () C:\Users\Balda\AppData\Local\dd_dotnetfx35install_lp.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 0624052 _____ () C:\Users\Balda\AppData\Local\dd_NET_Framework35_LangPack_MSI2435.txt
2017-02-22 09:08 - 2017-02-22 09:08 - 1927726 _____ () C:\Users\Balda\AppData\Local\dd_NET_Framework35_x64_MSI23F1.txt
2017-02-22 09:07 - 2017-02-22 09:09 - 0006172 _____ () C:\Users\Balda\AppData\Local\uxeventlog.txt
2017-06-13 11:39 - 2017-06-13 11:39 - 0200880 _____ () C:\ProgramData\1497346609.bdinstall.bin
2017-06-13 13:53 - 2017-06-13 13:53 - 0036495 _____ () C:\ProgramData\1497354800.bdinstall.bin
2017-06-13 13:55 - 2017-06-13 13:55 - 0096123 _____ () C:\ProgramData\1497354801.bdinstall.bin
2017-06-13 11:32 - 2017-06-13 11:32 - 0013339 _____ () C:\ProgramData\agent.1497346363.bdinstall.bin

Some files in TEMP:
====================
2017-06-13 14:12 - 2017-06-13 14:12 - 0000000 ____D () C:\Users\Balda\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-13 18:12

==================== End of FRST.txt ============================
Attachments
Addition.zip
(7.77 KiB) Downloaded 114 times

Rudy
Site Admin
Posts: 119465
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Financial malware

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {a8f0d074-3bb9-11e7-8c2c-001fc6782e9b} - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {c21d2053-fa32-11e6-95d5-001fc6782e9b} - F:\HiSuiteDownLoader.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Balda\AppData\Local\Temp
Task: {E2628E36-A4C2-43A3-AC71-8695B2995518} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-02] (Google Inc.)
Task: {EC43045A-6E99-45D9-98A1-4A57EA77ACA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-02] (Google Inc.)
Task: {D868438D-F2E8-4845-947C-D745EA8A8534} - System32\Tasks\{376901E9-648A-4600-9CD4-8FF29D772F91} => pcalua.exe -a C:\Users\Balda\Desktop\Plocha\LAN_Marvell_VT\LAN_Marvell_VT\2KSETUP.EXE -d C:\Users\Balda\Desktop\Plocha\LAN_Marvell_VT\LAN_Marvell_VT
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153

EmptyTemp:
End
Save it to C:\Users\Balda\Desktop\Plocha as fixlist.txt. Run FRST again and click >Fix<. When the fix finishes, a log will appear; copy it here.

Lukyman
Guest
Posts: 46
Registered: 27 Oct 2011 14:51

Re: Financial malware

#7 Post by Lukyman »

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by Balda (13-06-2017 19:00:05) Run:1
Running from C:\Users\Balda\Desktop\Plocha
Loaded Profiles: Balda (Available Profiles: Balda)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {a8f0d074-3bb9-11e7-8c2c-001fc6782e9b} - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\...\MountPoints2: {c21d2053-fa32-11e6-95d5-001fc6782e9b} - F:\HiSuiteDownLoader.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3583218983-2488410347-4032658646-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Balda\AppData\Local\Temp
Task: {E2628E36-A4C2-43A3-AC71-8695B2995518} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-02] (Google Inc.)
Task: {EC43045A-6E99-45D9-98A1-4A57EA77ACA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-02] (Google Inc.)
Task: {D868438D-F2E8-4845-947C-D745EA8A8534} - System32\Tasks\{376901E9-648A-4600-9CD4-8FF29D772F91} => pcalua.exe -a C:\Users\Balda\Desktop\Plocha\LAN_Marvell_VT\LAN_Marvell_VT\2KSETUP.EXE -d C:\Users\Balda\Desktop\Plocha\LAN_Marvell_VT\LAN_Marvell_VT
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153

EmptyTemp:
End
*****************

HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8f0d074-3bb9-11e7-8c2c-001fc6782e9b} => key removed successfully
HKLM\Software\Classes\CLSID\{a8f0d074-3bb9-11e7-8c2c-001fc6782e9b} => key not found.
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c21d2053-fa32-11e6-95d5-001fc6782e9b} => key removed successfully
HKLM\Software\Classes\CLSID\{c21d2053-fa32-11e6-95d5-001fc6782e9b} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3583218983-2488410347-4032658646-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Balda\AppData\Local\Temp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2628E36-A4C2-43A3-AC71-8695B2995518} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2628E36-A4C2-43A3-AC71-8695B2995518} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC43045A-6E99-45D9-98A1-4A57EA77ACA0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC43045A-6E99-45D9-98A1-4A57EA77ACA0} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D868438D-F2E8-4845-947C-D745EA8A8534} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D868438D-F2E8-4845-947C-D745EA8A8534} => key removed successfully
C:\Windows\System32\Tasks\{376901E9-648A-4600-9CD4-8FF29D772F91} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{376901E9-648A-4600-9CD4-8FF29D772F91} => key removed successfully
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78235958 B
Java, Flash, Steam htmlcache => 12605 B
Windows/system/drivers => 790634188 B
Edge => 0 B
Chrome => 18958946 B
Firefox => 380577344 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 1764135 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 602546 B
NetworkService => 0 B
Balda => 160111798 B

RecycleBin => 4679750657 B
EmptyTemp: => 5.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:00:33 ====

Rudy
Site Admin
Posts: 119465
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Financial malware

#8 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Lukyman
Guest
Posts: 46
Registered: 27 Oct 2011 14:51

Re: Financial malware

#9 Post by Lukyman »

The computer behaves normally, as it did before. I just got a call from KB saying there is malware on my computer, which they detected after I logged into internet banking. I haven't found anything myself, and I haven't noticed anything unusual. Well, one thing, but I don't know whether it is related: the firewall turns itself off, and when I turn it on, it turns off again after a while.

Rudy
Site Admin
Posts: 119465
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Financial malware

#10 Post by Rudy »

It may or may not be related. Also try a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand. But the firewall switching off can also be caused by the system itself.

Lukyman
Guest
Posts: 46
Registered: 27 Oct 2011 14:51

Re: Financial malware

#11 Post by Lukyman »

Here a problem comes up. I have a problem with the .NET Framework; it apparently doesn't work correctly. I have 3.5 and 4.6.2 installed, yet it tells me I don't have version 4.0 or higher. Reinstalling didn't help. So Malwarebytes won't start.
Attachments
obr mwb.jpg (41.46 KiB) Viewed 4512 times

Rudy
Site Admin
Posts: 119465
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Financial malware

#12 Post by Rudy »

This is more likely a system error than a .NET Framework installation error. Libraries are registered by the system, not by the program. A system restore to a date when it worked correctly might fix it. So try an AVPTool scan instead: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . It will take longer, but it is even better than MBAM. Download it, run it, let it work, and when it finishes delete everything it found.

Lukyman
Guest
Posts: 46
Registered: 27 Oct 2011 14:51

Re: Financial malware

#13 Post by Lukyman »

So the .NET Framework works now. Malwarebytes still wouldn't start: "unable to connect the service". Well, I ran the Kaspersky tool; it took only half an hour. It found something: that HiSuite was apparently really bad after all, so I deleted and uninstalled it. It found nothing else.

Rudy
Site Admin
Posts: 119465
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Financial malware

#14 Post by Rudy »

That should be all, unless you have another problem.

Lukyman
Guest
Posts: 46
Registered: 27 Oct 2011 14:51

Re: Financial malware

#15 Post by Lukyman »

That should be all, thank you for the help.
