
Computer freezes, launches the browser with ads

#1 Post by il.mateji »

Good day,
for the second day now I have been fighting with a computer that occasionally freezes and then launches the browser with all sorts of dubious pages. The antivirus finds trojans at every restart and removes them right away; AdwCleaner finds nothing.
Since I am not the only user of this PC and have no idea how this got here, I am turning to you for help.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-03-2020
Ran by Alternativa (administrator) on PC-PC (ASUSTeK COMPUTER INC. K55VM) (22-03-2020 10:03:37)
Running from C:\Users\Alternativa\Desktop\viry.cz
Loaded Profiles: Alternativa (Available Profiles: PC & Alternativa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( ) [File not signed] C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td\ldxqhs3u3lv.exe
( ) [File not signed] C:\Users\Alternativa\AppData\Roaming\cjfkobcip43\4an1dufhclc.exe
( ) [File not signed] C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx\bbx3m1hvb2d.exe
() [File not signed] C:\Users\Alternativa\AppData\Local\Temp\is-1DFDV.tmp\4an1dufhclc.tmp
() [File not signed] C:\Users\Alternativa\AppData\Local\Temp\is-HA135.tmp\ldxqhs3u3lv.tmp
() [File not signed] C:\Users\Alternativa\AppData\Local\Temp\is-PPIRV.tmp\bbx3m1hvb2d.tmp
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ASUS) [File not signed] C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation - Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation - Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation -> ) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera.exe
(Opera Software AS -> Opera Software) C:\Users\Alternativa\AppData\Local\Programs\Opera\67.0.3575.79\opera_crashreporter.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2015-01-14] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\nvspcap64.dll [1283136 2018-03-30] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Limited -> Power Software Ltd)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-26] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
HKLM\...\RunOnce: [uzl5kps2ap5] => C:\Program Files (x86)\aFsq\59843047.exe [456192 2020-03-21] () [File not signed]
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22256824 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2417528 2020-03-13] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [Opera Browser Assistant] => C:\Users\Alternativa\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3024408 2020-02-24] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [1610444] => C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx\bbx3m1hvb2d.exe [513069 2020-03-21] ( ) [File not signed]
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [2639867] => C:\Users\Alternativa\AppData\Roaming\cjfkobcip43\4an1dufhclc.exe [513069 2020-03-22] ( ) [File not signed]
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [711788] => C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td\ldxqhs3u3lv.exe [513069 2020-03-22] ( ) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-18] (Microsoft Corporation -> Microsoft Corp.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation)
AppInit_DLLs: ,C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177952 2016-05-20] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155768 2016-05-20] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [155768 2016-05-20] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation)
IFEO\lotrbfme.exe: [Debugger]
IFEO\lotrbfme2.exe: [Debugger]
IFEO\lotrbfme2ep1.exe: [Debugger]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AB7E4FE-8828-463C-9AFB-67A7E95346B3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {0BE0771D-D86B-43EA-91FE-6364B3C20647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0F0AFFC4-B7CF-4A8A-BE4D-846C79F8A72B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {221FF07F-FC0A-4F47-9436-E5D8C05324F4} - System32\Tasks\{8965F50F-F111-4493-85B8-1F629BEEBB4E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.0.0.102/cs/abandoninstall?source=lightinstaller&page=tsInstall
Task: {27A110AE-78AD-4C5D-975C-7C6E69D0E153} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1120936 2012-01-30] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {363E3EC7-7573-4DEF-8020-9DACAB3E7CEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {56DA73ED-5383-4CBD-A600-FFC1B3F9330C} - System32\Tasks\RunGadgetController => C:\Program Files (x86)\ASUS\InstantOn for NB\GadgetController.exe [2470528 2012-02-04] (ASUSTeK Computer Inc. -> ASUS)
Task: {7FC120C6-3DD4-4FAA-990E-4EB506943276} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {876F1F9D-E2A9-47DB-8D6B-037FCAA5EDA4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {955FE69C-3556-4A72-8C48-40DFBAA0A539} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-26] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {B772473F-58C8-4553-8C7E-7403347B6063} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {D5BD7C55-0DED-47BA-A0F8-0B80506ECD24} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
Task: {D7B96F7F-E609-4E56-8E9C-5E5C107681E9} - System32\Tasks\{3309225A-269D-400C-8F46-37EC3EC93056} => C:\windows\system32\pcalua.exe -a "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina\RomeTotalWar_CZ.exe" -d "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina"
Task: {E6C5EEA8-FE76-4623-BFE5-8AE50BBCDA7F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [1004464 2012-02-16] (ASUSTeK Computer Inc. -> ASUS) [File not signed]
Task: {FF3F5193-94E0-4EEE-BD84-E9848FA4290C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-18] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-18] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{1C2FA7DC-D0A1-419A-89B8-A04D279CF579}: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{580F81EA-D1D4-42B1-A5E4-DB4FB76F1B37}: [DhcpNameServer] 10.255.255.10 10.255.255.20

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-720473701-4286339666-290851041-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-720473701-4286339666-290851041-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
SearchScopes: HKU\S-1-5-21-720473701-4286339666-290851041-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {78234974-0C4B-4111-BDEB-D9A104418772} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {78234974-0C4B-4111-BDEB-D9A104418771} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dskwqqrf.default-1452523124673-1535376006759
FF ProfilePath: C:\Users\Alternativa\AppData\Roaming\Mozilla\Firefox\Profiles\dskwqqrf.default-1452523124673-1535376006759 [2020-03-22]
FF Extension: (Telemetry coverage) - C:\Users\Alternativa\AppData\Roaming\Mozilla\Firefox\Profiles\dskwqqrf.default-1452523124673-1535376006759\features\{03c2325d-62fd-4a10-b824-18d1b59bb92b}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-720473701-4286339666-290851041-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd]
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd]

Opera:
=======
OPR Notifications: hxxps://www.youtube.com

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUSTeK Computer Inc. -> ASUS)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [383016 2018-03-22] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 FlexGridService; C:\ProgramData\FlexGridService\FlexGridService.exe [1254912 2020-03-21] (Genie-Soft) [File not signed] <==== ATTENTION
S3 GSService; C:\windows\SysWOW64\GSService.exe [444640 2014-07-28] (cyan soft ltd -> )
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-05-10] (Intel Corporation -> )
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-11] (Intel Corporation -> Intel Corporation)
S3 mracsvc; C:\windows\System32\mracsvc.exe [19136152 2020-03-16] (Mail.Ru LLC -> LLC Mail.Ru)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] (Intel Corporation - Mobile Wireless Group -> )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-18] (Microsoft Corporation -> Microsoft Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel Corporation - Mobile Wireless Group -> Intel® Corporation)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AgereSoftModem; C:\windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (Microsoft Windows -> LSI Corp)
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R3 AMPPAL; C:\windows\System32\DRIVERS\AMPPAL.sys [195584 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 AMPPALP; C:\windows\System32\DRIVERS\amppal.sys [195584 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2016-03-25] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 AsusVBus; C:\windows\System32\DRIVERS\AsusVBus.sys [35968 2012-07-14] (ASUSTeK Computer Inc. -> Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\windows\System32\DRIVERS\AsusVTouch.sys [19104 2012-07-14] (ASUSTeK Computer Inc. -> ASUS)
S3 athr; C:\windows\System32\DRIVERS\athrx.sys [1394688 2009-06-20] (Microsoft Windows -> Atheros Communications, Inc.)
R3 ATP; C:\windows\System32\DRIVERS\AsusTP.sys [49824 2012-07-14] (ASUSTeK Computer Inc. -> ASUS Corporation)
S3 FTDIBUS; C:\windows\System32\drivers\ftdibus.sys [69320 2009-10-22] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 FTSER2K; C:\windows\System32\drivers\ftser2k.sys [84808 2009-10-22] (Future Technology Devices International Ltd -> FTDI Ltd.)
S3 intaud_WaveExtensible; C:\windows\System32\drivers\intelaud.sys [34200 2011-12-21] (Wireless Display -> Intel Corporation)
R3 iwdbus; C:\windows\System32\DRIVERS\iwdbus.sys [25496 2011-12-21] (Wireless Display -> Intel Corporation)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] (ASUSTeK Computer Inc. -> )
S3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [57344 2009-06-10] (Microsoft Windows -> Atheros Communications, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 mracdrv; C:\windows\System32\drivers\mracdrv.sys [18367968 2020-03-16] (Mail.Ru LLC -> LLC Mail.Ru)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 SiSGbeLH; C:\windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
U3 aswbdisk; no ImagePath
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-22 09:47 - 2020-03-22 09:47 - 000001308 _____ C:\Users\Public\Desktop\Skype.lnk
2020-03-22 09:47 - 2020-03-22 09:47 - 000001308 _____ C:\ProgramData\Desktop\Skype.lnk
2020-03-22 09:43 - 2020-03-22 09:43 - 022195200 _____ (Piriform Software Ltd) C:\Users\Alternativa\Desktop\cctrialsetup.exe
2020-03-22 09:37 - 2020-03-22 09:37 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td
2020-03-22 09:31 - 2020-03-22 09:34 - 000000004 _____ C:\ProgramData\rc.dat
2020-03-22 09:30 - 2020-03-22 09:34 - 000000004 _____ C:\ProgramData\lock.dat
2020-03-22 09:30 - 2020-03-22 09:30 - 000000008 _____ C:\ProgramData\ts.dat
2020-03-22 09:30 - 2020-03-22 09:30 - 000000004 _____ C:\ProgramData\irw.atsd
2020-03-22 09:30 - 2020-03-22 09:30 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\cjfkobcip43
2020-03-21 17:51 - 2020-03-21 17:51 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx
2020-03-21 17:50 - 2020-03-21 17:52 - 000000000 ____D C:\Program Files (x86)\aFsq
2020-03-21 17:50 - 2020-03-21 17:50 - 000000000 ____D C:\ProgramData\FlexGridService
2020-03-21 17:50 - 2020-03-21 17:50 - 000000000 ____D C:\Program Files (x86)\MediaHuman
2020-03-18 19:24 - 2020-03-22 09:40 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\uTorrent
2020-03-16 19:32 - 2020-03-16 19:32 - 000000000 ____D C:\Users\Alternativa\AppData\Local\NVIDIA Corporation

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-22 10:04 - 2018-03-28 13:14 - 000000000 ____D C:\FRST
2020-03-22 10:03 - 2018-03-28 14:08 - 000000000 ____D C:\Users\Alternativa\Desktop\viry.cz
2020-03-22 09:49 - 2015-02-09 18:51 - 000000000 ____D C:\Program Files\WinRAR
2020-03-22 09:47 - 2018-01-06 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-03-22 09:45 - 2017-10-13 19:05 - 000000000 ____D C:\Users\Alternativa\AppData\Local\CrashDumps
2020-03-22 09:45 - 2016-10-07 17:12 - 000000000 ____D C:\Program Files (x86)\Steam
2020-03-22 09:45 - 2009-07-14 05:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-22 09:45 - 2009-07-14 05:45 - 000018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-22 09:45 - 2009-07-14 04:20 - 000000000 ____D C:\windows\inf
2020-03-22 09:44 - 2018-10-13 18:09 - 000000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-03-22 09:44 - 2018-10-13 18:09 - 000000824 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-03-22 09:44 - 2018-08-01 15:22 - 000000000 ____D C:\Program Files\CCleaner
2020-03-22 09:36 - 2016-10-07 20:31 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2020-03-22 09:36 - 2015-06-27 13:31 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-22 09:36 - 2015-01-07 20:01 - 000002270 _____ C:\windows\system32\AutoRunFilter.ini
2020-03-22 09:35 - 2009-07-14 06:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-03-22 09:34 - 2015-01-07 11:15 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-03-22 09:34 - 2013-02-23 08:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2020-03-22 09:34 - 2013-02-23 08:45 - 000000000 ____D C:\Program Files (x86)\ASUS
2020-03-22 09:34 - 2011-02-19 06:36 - 000669164 _____ C:\windows\system32\perfh005.dat
2020-03-22 09:34 - 2011-02-19 06:36 - 000141790 _____ C:\windows\system32\perfc005.dat
2020-03-22 09:34 - 2009-07-14 06:13 - 001584756 _____ C:\windows\system32\PerfStringBackup.INI
2020-03-22 09:29 - 2015-03-06 21:28 - 000000380 _____ C:\Users\Alternativa\AppData\Roaming\sp_data.sys
2020-03-22 09:29 - 2015-01-07 20:01 - 000002106 _____ C:\windows\system32\ServiceFilter.ini
2020-03-20 19:17 - 2020-01-04 19:52 - 000041099 _____ C:\Users\Alternativa\Desktop\epd2020.xlsx
2020-03-19 14:02 - 2015-06-23 08:43 - 000004476 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-03-19 14:01 - 2015-11-06 19:21 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-17 18:43 - 2019-03-14 22:42 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\Stellarium
2020-03-16 19:31 - 2017-11-12 14:12 - 019136152 _____ (LLC Mail.Ru) C:\windows\system32\mracsvc.exe
2020-03-16 19:31 - 2017-11-12 14:12 - 018367968 _____ (LLC Mail.Ru) C:\windows\system32\Drivers\mracdrv.sys
2020-03-14 22:09 - 2017-12-02 10:13 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\discord
2020-03-11 23:53 - 2019-09-11 19:14 - 000000000 ____D C:\Users\Alternativa\Desktop\World of Warcraft Cataclysm 4.3.4
2020-03-11 18:36 - 2018-03-13 17:36 - 000004534 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-03-11 18:36 - 2013-02-23 08:37 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2020-03-11 18:36 - 2013-02-23 08:37 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-03-11 18:36 - 2013-02-23 08:37 - 000004312 _____ C:\windows\system32\Tasks\Adobe Flash Player Updater
2020-03-11 18:36 - 2013-02-23 08:37 - 000000000 ____D C:\windows\SysWOW64\Macromed
2020-03-11 18:36 - 2013-02-23 08:37 - 000000000 ____D C:\windows\system32\Macromed
2020-03-09 10:07 - 2017-09-20 20:07 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\MPC-HC
2020-02-28 20:39 - 2017-08-17 19:01 - 000002191 _____ C:\Users\Alternativa\Desktop\Discord.lnk
2020-02-28 20:39 - 2017-08-17 19:01 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-02-28 20:39 - 2017-08-17 19:00 - 000000000 ____D C:\Users\Alternativa\AppData\Local\Discord
2020-02-25 17:53 - 2019-07-21 15:25 - 000000000 ____D C:\Users\Alternativa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2020-02-25 17:47 - 2015-01-07 19:45 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-02-25 17:39 - 2015-03-06 21:28 - 000000000 ____D C:\Users\Alternativa

==================== Files in the root of some directories ========

2020-03-22 09:30 - 2020-03-22 09:34 - 000000004 _____ () C:\ProgramData\lock.dat
2020-03-22 09:31 - 2020-03-22 09:34 - 000000004 _____ () C:\ProgramData\rc.dat
2009-07-29 06:21 - 2009-07-28 19:31 - 000000223 _____ () C:\ProgramData\setwallpaper.cmd
2020-03-22 09:30 - 2020-03-22 09:30 - 000000008 _____ () C:\ProgramData\ts.dat
2017-03-19 01:28 - 2017-09-03 07:50 - 000000097 _____ () C:\Users\Alternativa\AppData\Roaming\LauncherSettings_live.cfg
2015-03-06 21:28 - 2020-03-22 09:29 - 000000380 _____ () C:\Users\Alternativa\AppData\Roaming\sp_data.sys
2017-03-19 01:43 - 2017-08-06 07:35 - 000000042 _____ () C:\Users\Alternativa\AppData\Roaming\TheHunterSettings_steam_live.cfg
2016-12-10 16:05 - 2018-04-28 10:56 - 000007602 _____ () C:\Users\Alternativa\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-03-18 12:35
==================== End of FRST.txt ========================
Attachments
Addition.zip (13.43 KiB), downloaded 75 times

Rudy
Site Admin
Posts: 119418
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Computer freezes, launches a browser with ads

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


#3 Post by il.mateji »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.3.0
# -------------------------------
# Build: 03-03-2020
# Database: 2020-03-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-22-2020
# Duration: 00:00:03
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1375 octets] - [06/12/2018 11:38:04]
AdwCleaner[C00].txt - [1521 octets] - [06/12/2018 11:38:53]
AdwCleaner[S01].txt - [1379 octets] - [14/03/2019 21:25:20]
AdwCleaner[S02].txt - [1529 octets] - [23/05/2019 15:21:29]
AdwCleaner[C02].txt - [1695 octets] - [23/05/2019 15:21:39]
AdwCleaner[S03].txt - [1562 octets] - [26/09/2019 18:24:09]
AdwCleaner[C03].txt - [1748 octets] - [26/09/2019 18:24:38]
AdwCleaner[S04].txt - [1847 octets] - [22/03/2020 09:27:15]
AdwCleaner[C04].txt - [1955 octets] - [22/03/2020 09:27:51]
AdwCleaner[S05].txt - [4178 octets] - [22/03/2020 09:33:25]
AdwCleaner[C05].txt - [4600 octets] - [22/03/2020 09:34:57]
AdwCleaner[S06].txt - [2084 octets] - [22/03/2020 09:53:05]
AdwCleaner[S07].txt - [2145 octets] - [22/03/2020 12:17:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ##########


#4 Post by Rudy »

This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\RunOnce: [uzl5kps2ap5] => C:\Program Files (x86)\aFsq\59843047.exe [456192 2020-03-21] () [File not signed]
C:\Program Files (x86)\aFsq
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [1610444] => C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx\bbx3m1hvb2d.exe [513069 2020-03-21] ( ) [File not signed]
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [2639867] => C:\Users\Alternativa\AppData\Roaming\cjfkobcip43\4an1dufhclc.exe [513069 2020-03-22] ( ) [File not signed]
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [711788] => C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td\ldxqhs3u3lv.exe [513069 2020-03-22] ( ) [File not signed]
C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx
C:\Users\Alternativa\AppData\Roaming\cjfkobcip43
C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td
IFEO\lotrbfme.exe: [Debugger]
IFEO\lotrbfme2.exe: [Debugger]
IFEO\lotrbfme2ep1.exe: [Debugger]
ask: {D7B96F7F-E609-4E56-8E9C-5E5C107681E9} - System32\Tasks\{3309225A-269D-400C-8F46-37EC3EC93056} => C:\windows\system32\pcalua.exe -a "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina\RomeTotalWar_CZ.exe" -d "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {78234974-0C4B-4111-BDEB-D9A104418772} -> No File
BHO-x32: No Name -> {78234974-0C4B-4111-BDEB-D9A104418771} -> No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S2 FlexGridService; C:\ProgramData\FlexGridService\FlexGridService.exe [1254912 2020-03-21] (Genie-Soft) [File not signed] <==== ATTENTION
S3 mracsvc; C:\windows\System32\mracsvc.exe [19136152 2020-03-16] (Mail.Ru LLC -> LLC Mail.Ru)
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2016-03-25] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 mracdrv; C:\windows\System32\drivers\mracdrv.sys [18367968 2020-03-16] (Mail.Ru LLC -> LLC Mail.Ru)
U3 aswbdisk; no ImagePath
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => -> No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

#5 Post by il.mateji »

After the fix and a PC restart I again got an "irresistible offer in the browser", and the antivirus again reports three Trojan horses in quarantine...
In Task Manager, under Processes, I noticed a process that looks suspicious by its name alone.
The path to it is given as:
C:\Users\Alternativa\AppData\Local\Temp\is-JT2KF.tmp
and the description is Setup/uninstall
(screenshot: podozrivy_proces.jpg, 127.24 KiB)
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-03-2020
Ran by Alternativa (22-03-2020 13:29:13) Run:1
Running from C:\Users\Alternativa\Desktop\viry.cz
Loaded Profiles: Alternativa (Available Profiles: PC & Alternativa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\RunOnce: [uzl5kps2ap5] => C:\Program Files (x86)\aFsq\59843047.exe [456192 2020-03-21] () [File not signed]
C:\Program Files (x86)\aFsq
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [1610444] => C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx\bbx3m1hvb2d.exe [513069 2020-03-21] ( ) [File not signed]
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [2639867] => C:\Users\Alternativa\AppData\Roaming\cjfkobcip43\4an1dufhclc.exe [513069 2020-03-22] ( ) [File not signed]
HKU\S-1-5-21-720473701-4286339666-290851041-1002\...\Run: [711788] => C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td\ldxqhs3u3lv.exe [513069 2020-03-22] ( ) [File not signed]
C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx
C:\Users\Alternativa\AppData\Roaming\cjfkobcip43
C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td
IFEO\lotrbfme.exe: [Debugger]
IFEO\lotrbfme2.exe: [Debugger]
IFEO\lotrbfme2ep1.exe: [Debugger]
ask: {D7B96F7F-E609-4E56-8E9C-5E5C107681E9} - System32\Tasks\{3309225A-269D-400C-8F46-37EC3EC93056} => C:\windows\system32\pcalua.exe -a "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina\RomeTotalWar_CZ.exe" -d "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: No Name -> {78234974-0C4B-4111-BDEB-D9A104418772} -> No File
BHO-x32: No Name -> {78234974-0C4B-4111-BDEB-D9A104418771} -> No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S2 FlexGridService; C:\ProgramData\FlexGridService\FlexGridService.exe [1254912 2020-03-21] (Genie-Soft) [File not signed] <==== ATTENTION
S3 mracsvc; C:\windows\System32\mracsvc.exe [19136152 2020-03-16] (Mail.Ru LLC -> LLC Mail.Ru)
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2016-03-25] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 mracdrv; C:\windows\System32\drivers\mracdrv.sys [18367968 2020-03-16] (Mail.Ru LLC -> LLC Mail.Ru)
U3 aswbdisk; no ImagePath
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => -> No File

EmptyTemp:
End

*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\uzl5kps2ap5" => not found
C:\Program Files (x86)\aFsq => moved successfully
"HKU\S-1-5-21-720473701-4286339666-290851041-1002\Software\Microsoft\Windows\CurrentVersion\Run\\1610444" => removed successfully
"HKU\S-1-5-21-720473701-4286339666-290851041-1002\Software\Microsoft\Windows\CurrentVersion\Run\\2639867" => removed successfully
"HKU\S-1-5-21-720473701-4286339666-290851041-1002\Software\Microsoft\Windows\CurrentVersion\Run\\711788" => removed successfully
C:\Users\Alternativa\AppData\Roaming\qnyif0llmvx => moved successfully
C:\Users\Alternativa\AppData\Roaming\cjfkobcip43 => moved successfully
C:\Users\Alternativa\AppData\Roaming\1xwuqifw2td => moved successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lotrbfme.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lotrbfme2.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\lotrbfme2ep1.exe => removed successfully
ask: {D7B96F7F-E609-4E56-8E9C-5E5C107681E9} - System32\Tasks\{3309225A-269D-400C-8F46-37EC3EC93056} => C:\windows\system32\pcalua.exe -a "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina\RomeTotalWar_CZ.exe" -d "C:\Users\Alternativa\Desktop\ROME TOTAL WAR - install\RTW cestina" => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78234974-0C4B-4111-BDEB-D9A104418772} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78234974-0C4B-4111-BDEB-D9A104418771} => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => removed successfully
HKLM\System\CurrentControlSet\Services\FlexGridService => removed successfully
FlexGridService => service removed successfully
HKLM\System\CurrentControlSet\Services\mracsvc => removed successfully
mracsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\mracdrv => removed successfully
mracdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_B => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_O => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_U => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\BackupContextMenuExtension => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14724126 B
Java, Flash, Steam htmlcache => 458558583 B
Windows/system/drivers => 666108 B
Edge => 0 B
Chrome => 0 B
Firefox => 17690026 B
Opera => 357365254 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 256 B
LocalService => 256 B
NetworkService => 30129806 B
UpdatusUser => 30129806 B
PC => 964510723 B
Alternativa => 1058836495 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:30:46 ====


#6 Post by Rudy »

The PC is quite badly cluttered, and FRST does not show everything. Run AVPtool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . The utility in the link is a newer version, so the description will not match exactly. Download the utility, run it, let it work, and when it finishes delete everything it finds.

#7 Post by il.mateji »

Done. After about two hours AVP found 11 suspicious files; according to the description, two of them were further Trojan horses that had evaded the antivirus.
Unfortunately I can't find anywhere the log that should exist according to the guide...


#8 Post by Rudy »

Rudy wrote: The utility in the link is a newer version, so the description will not match exactly. Download the utility, run it, let it work, and when it finishes delete everything it finds.
The utility no longer produces a log. What matters is the deletion. If you did that, the PC will be clean.

#9 Post by il.mateji »

Certainly. I just naively thought the log might be there somewhere, so I only mentioned it. :arcisit:

Since this morning the PC seems fine; so far I haven't received any offer I can't refuse, and the antivirus reports nothing.
I'll get back to you in the evening.
:wub:


#10 Post by Rudy »

OK, I'll most likely be here. :)

#11 Post by il.mateji »

So nothing unexpected happened during the day either; I think it's fine.
:worship:
Thank you very much for your help.
:closed:


#12 Post by Rudy »

Glad to hear it. You're welcome! :)

Locked