Malware on Facebook

Posted: 29 Aug 2016 16:21
by Filis
A window popped up telling me that I had become a victim of malware, along with an offer from (supposedly) Facebook to click through to remove it.

"Download malware-scanning software
To help you get rid of malware, we have partnered with the company F-Secure Online Scanner, which offers a free antivirus product. This software will scan your computer and remove any malware."

Should I use this? Isn't it actually some kind of virus?

Thanks!

Re: Malware on Facebook

Posted: 29 Aug 2016 17:17
by Rudy
Hello!
Definitely don't download it, it could be who knows what. Post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Malware on Facebook

Posted: 29 Aug 2016 17:34
by Filis
The link for that Launcher shows me a page with a warning that it is a site with malicious programs...

Re: Malware on Facebook

Posted: 29 Aug 2016 17:36
by Rudy
Some browsers put up a fight. Download it through IE; it's not a virus, we use it here routinely. :)

Re: Malware on Facebook

Posted: 29 Aug 2016 17:42
by Filis
IE, in turn, throws this at me: "This page can't be displayed" :?:

Re: Malware on Facebook

Posted: 29 Aug 2016 19:01
by Rudy
Try this one:
Downloads.rar
(2.95 MiB) Downloaded 64 times
Both the 32-bit and 64-bit versions are in there; I don't know which system you have. And I don't know what protection you have there; Firefox downloads it for me without any fuss.

Re: Malware on Facebook

Posted: 29 Aug 2016 21:47
by Filis
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2016
Ran by User (administrator) on LENOVO-PC (29-08-2016 22:28:20)
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User (Available Profiles: UpdatusUser & User)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pokki) C:\Users\User\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
() C:\Users\User\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Program Files (x86)\Lenovo\onelinkpromgn.exe
() C:\Users\User\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
() C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Pokki) C:\Users\User\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\User\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\User\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ricardo Villalba) C:\Program Files\SMPlayer\smplayer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(The MPlayer Project) C:\Program Files\SMPlayer\mplayer\mplayer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-21] (Lenovo Group Limited)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-10-21] (Realtek Semiconductor Corporation)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [670960 2013-08-15] (Synaptics)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [939976 2015-02-20] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART2] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (Lenovo Corporation)
HKLM\...\Run: [LMCSSTART3] => C:\Program Files\Lenovo\Communications Utility\lmcsctrl.exe [35856 2016-04-12] (Lenovo Corporation)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1720184 2013-07-26] ()
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [750320 2014-08-19] (Lenovo)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-08] (AVAST Software)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\...\Run: [cz.seznam.software.autoupdate] => C:\Users\User\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\...\Run: [cz.seznam.software.szndesktop] => C:\Users\User\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\...\MountPoints2: {f3a48b8a-475a-11e5-8258-18cf5eba54cd} - "E:\HPLauncher.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-11-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-11-01] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2014-08-19]
ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\onelinkpromgn.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{54AB972E-F1C1-4346-880E-E1B244775729}: [DhcpNameServer] 10.255.255.10 10.255.255.20

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3609408744-3582206182-4132503271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> DefaultScope {CE0E361A-27C5-4D65-A083-2E6E12C40620} URL =
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {5F473DAE-A01D-4FF3-BEB4-740045698054} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {6CF4E95A-626B-4775-8B4B-0AF902E85FB4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {6F3BF307-C878-4488-B6D7-851C6F59D41E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {A21F809A-A1C2-40CC-943B-5B2F15DC5D6A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {AB3D1C86-8BBE-4171-8AAE-17C554D18743} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {BAFF78DC-8E31-4236-BE97-943B1C1FC067} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {CE0E361A-27C5-4D65-A083-2E6E12C40620} URL =
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {E0D8AEFE-70B5-4D6A-AD85-E0822DA4C4C6} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {E7D97217-D658-466F-B2BC-B4FE52DE6705} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {F3A847F4-660C-4343-84B3-1827DFA28303} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-03] (AVAST Software)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-03] (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=0.9.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-19]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.cz/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Seznam Lištička - Email) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-06-24]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-06-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tabulky Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome to Mobile) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2016-01-14]
CHR Extension: (Click by Voice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnogpkbdogcgciecomlojjoapemfgei [2016-08-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-01-14]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-06-24]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-03] (AVAST Software)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [566288 2016-04-12] (Lenovo Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-11-07] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2014-08-19] (Lenovo)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-23] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2023592 2015-09-25] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [631312 2016-04-12] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-11] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [480712 2015-03-23] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-05-12] ()
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2014-02-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [322608 2014-02-12] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-05-25] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [88400 2015-12-06] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHdsKe; C:\windows\system32\drivers\aswHdsKe.sys [83312 2016-07-21] (AVAST Software)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [65928 2014-08-19] (Windows (R) Win 7 DDK provider)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-07] (Lenovo)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [555224 2013-11-19] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-15] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19664 2015-12-02] (Windows (R) Win 7 DDK provider)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1509880 2013-09-05] (Sunplus)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-29 22:28 - 2016-08-29 22:29 - 00028878 _____ C:\Users\User\Desktop\FRST.txt
2016-08-29 22:27 - 2016-08-29 22:28 - 00000000 ____D C:\FRST
2016-08-29 22:26 - 2016-08-29 22:26 - 00002109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-08-29 22:26 - 2016-08-29 22:26 - 00001345 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-08-29 22:26 - 2016-08-29 22:26 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2016-08-29 22:26 - 2016-08-29 22:26 - 00001199 _____ C:\Users\Public\Desktop\Express Zip File Compression.lnk
2016-08-29 22:25 - 2016-08-29 22:25 - 03097246 _____ C:\Users\User\Desktop\Downloads.rar
2016-08-29 18:26 - 2016-08-29 18:26 - 02396672 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-08-25 20:25 - 2016-08-25 20:25 - 00003228 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-25 20:24 - 2016-08-25 20:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-08-23 18:58 - 2016-08-23 18:59 - 00298280 _____ C:\windows\Minidump\082316-39609-01.dmp
2016-08-23 18:58 - 2016-08-23 18:58 - 799798395 _____ C:\windows\MEMORY.DMP
2016-08-16 23:17 - 2016-08-16 23:30 - 106153897 _____ C:\Users\User\Downloads\Teorie-velkého-třesku-S09E19-Zmaření-plánované-pomsty-[HD-720p-CZ].mkv.crdownload
2016-08-15 21:43 - 2016-08-15 21:43 - 00063426 _____ C:\Users\User\Desktop\data.pdf
2016-08-06 10:37 - 2016-08-06 10:37 - 00000835 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2016-08-06 10:34 - 2016-08-06 10:35 - 32909264 _____ C:\Users\User\smplayer-16.8.0-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-29 22:32 - 2015-08-15 00:19 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3609408744-3582206182-4132503271-1002
2016-08-29 22:29 - 2016-01-22 22:20 - 00000000 ____D C:\ProgramData\Synaptics
2016-08-29 22:26 - 2016-01-29 19:57 - 00000000 ____D C:\windows\System32\Tasks\NCH Software
2016-08-29 22:26 - 2016-01-29 19:57 - 00000000 ____D C:\ProgramData\NCH Software
2016-08-29 22:26 - 2016-01-29 19:57 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-08-29 22:20 - 2015-08-22 17:41 - 00000980 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-29 18:33 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\NDF
2016-08-29 15:44 - 2016-06-23 16:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Seznam.cz
2016-08-29 15:40 - 2015-08-15 00:13 - 00000000 ____D C:\Users\User\AppData\Local\SweetLabs App Platform
2016-08-29 15:39 - 2016-05-24 19:14 - 00000000 ___DO C:\Users\User\OneDrive
2016-08-29 05:59 - 2015-09-01 20:44 - 00535552 ___SH C:\Users\User\Desktop\Thumbs.db
2016-08-28 22:29 - 2016-04-11 21:43 - 00000000 ____D C:\Users\User\.smplayer
2016-08-28 22:00 - 2015-08-17 18:22 - 00003970 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A1D85DC5-5426-4C3B-81C1-FC98C450B7D6}
2016-08-28 21:27 - 2016-01-03 17:58 - 00011181 _____ C:\Users\User\Desktop\Akce.xlsx
2016-08-25 22:34 - 2014-08-19 07:37 - 00739924 _____ C:\windows\system32\perfh005.dat
2016-08-25 22:34 - 2014-08-19 07:37 - 00151610 _____ C:\windows\system32\perfc005.dat
2016-08-25 22:34 - 2013-10-07 20:27 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-25 22:34 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-08-25 20:25 - 2016-04-26 15:38 - 00002374 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2016-08-25 20:25 - 2015-08-31 12:43 - 00003180 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3609408744-3582206182-4132503271-1002
2016-08-24 05:53 - 2014-08-19 07:29 - 00000000 ____D C:\windows\SysWOW64\NV
2016-08-24 05:53 - 2014-08-19 07:29 - 00000000 ____D C:\windows\system32\NV
2016-08-24 05:53 - 2014-08-19 07:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-24 05:53 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-23 19:01 - 2014-08-19 07:30 - 00000000 ____D C:\Users\UpdatusUser
2016-08-23 18:58 - 2015-08-22 05:57 - 00000000 ____D C:\windows\Minidump
2016-08-23 05:59 - 2014-08-19 08:04 - 839323648 ___SH C:\windows\lenovo_fastboot.img
2016-08-22 22:21 - 2015-08-15 00:15 - 00000000 ____D C:\Users\User\AppData\Local\Lenovo
2016-08-17 21:06 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-08-16 15:46 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-16 15:44 - 2015-08-31 12:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-11 15:47 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-11 15:47 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-08-10 23:23 - 2016-01-16 16:00 - 00011539 _____ C:\Users\User\Desktop\udělat.xlsx
2016-08-08 22:21 - 2015-08-22 17:41 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 12:00 - 2015-08-24 21:02 - 00000000 ___RD C:\Users\User\Documents\Scanned Documents
2016-08-06 11:18 - 2015-11-21 09:42 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-08-06 10:37 - 2016-04-11 21:42 - 00000000 ____D C:\Program Files\SMPlayer
2016-08-05 17:01 - 2015-11-21 09:42 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-07-30 22:31 - 2016-02-11 16:33 - 00002467 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2016-07-30 22:29 - 2015-10-31 11:00 - 00003304 _____ C:\windows\System32\Tasks\SweetLabs App Platform
2016-07-30 22:15 - 2015-08-22 17:41 - 00003952 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 22:15 - 2015-08-22 17:41 - 00003716 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-30 22:15 - 2015-08-22 17:41 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2015-08-17 18:23 - 2015-08-17 18:23 - 0000041 _____ () C:\Program Files\smaple.txt
2015-08-15 00:14 - 2016-08-29 18:08 - 1802663 _____ () C:\Users\User\AppData\Local\BTServer.log
2016-01-29 21:36 - 2016-01-29 21:56 - 0000026 _____ () C:\Users\User\AppData\Local\isoworkshop.ini
2015-08-15 00:15 - 2015-08-21 23:19 - 0000193 _____ () C:\Users\User\AppData\Local\RegisteredPackageInformation.xml
2014-08-19 07:32 - 2014-08-19 07:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-19 08:08 - 2014-08-19 08:08 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-08-19 08:05 - 2014-08-19 08:06 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-19 08:06 - 2014-08-19 08:07 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-08-19 08:07 - 2014-08-19 08:08 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Files to move or delete:
====================
C:\Users\User\avast_internet_security_setup_online.exe
C:\Users\User\HPSupportSolutionsFramework-12.0.30.219.exe
C:\Users\User\smplayer-16.8.0-x64.exe
C:\Users\User\vlc-0.9.9-win32.exe
C:\Users\User\XnView-win-full.exe


Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\obexpf.dll
C:\Users\User\AppData\Local\Temp\oct7A29.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-17 21:47

==================== End of FRST.txt ============================

Re: Malware on Facebook

Posted: 30 Aug 2016 16:27
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\...\MountPoints2: {f3a48b8a-475a-11e5-8258-18cf5eba54cd} - "E:\HPLauncher.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> DefaultScope {CE0E361A-27C5-4D65-A083-2E6E12C40620} URL =
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {CE0E361A-27C5-4D65-A083-2E6E12C40620} URL =
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\User\avast_internet_security_setup_online.exe
C:\Users\User\HPSupportSolutionsFramework-12.0.30.219.exe
C:\Users\User\smplayer-16.8.0-x64.exe
C:\Users\User\vlc-0.9.9-win32.exe
C:\Users\User\XnView-win-full.exe
C:\Users\User\AppData\Local\Temp
AlternateDataStreams: C:\Users\User\Desktop\Kropík 10.6.2016.png:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\User\Desktop\Kropík 10.6.2016.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Malware on Facebook

Posted: 30 Aug 2016 20:02
by Filis
I have the fixlist.txt file on my desktop; if I just open FRST (without running a scan) and click "FIX", I get a pop-up saying fixlist.txt not found.

Re: Malware on Facebook

Posted: 30 Aug 2016 20:41
by Rudy
The fixlist must be in the same directory as FRST, i.e. in C:\Users\User\Desktop. Also check that there is no typo in the file name (fixlist.txt).

Re: Malware on Facebook

Posted: 30 Aug 2016 20:50
by Filis
Sorry, my mistake. I copied the name incorrectly.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by User (30-08-2016 21:40:52) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User (Available Profiles: UpdatusUser & User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\...\MountPoints2: {f3a48b8a-475a-11e5-8258-18cf5eba54cd} - "E:\HPLauncher.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> DefaultScope {CE0E361A-27C5-4D65-A083-2E6E12C40620} URL =
SearchScopes: HKU\S-1-5-21-3609408744-3582206182-4132503271-1002 -> {CE0E361A-27C5-4D65-A083-2E6E12C40620} URL =
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\User\avast_internet_security_setup_online.exe
C:\Users\User\HPSupportSolutionsFramework-12.0.30.219.exe
C:\Users\User\smplayer-16.8.0-x64.exe
C:\Users\User\vlc-0.9.9-win32.exe
C:\Users\User\XnView-win-full.exe
C:\Users\User\AppData\Local\Temp
AlternateDataStreams: C:\Users\User\Desktop\Kropík 10.6.2016.png:3or4kl4x13tuuug3Byamue2s4b [79]
AlternateDataStreams: C:\Users\User\Desktop\Kropík 10.6.2016.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
End
*****************

"HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3a48b8a-475a-11e5-8258-18cf5eba54cd}" => key removed successfully
HKCR\CLSID\{f3a48b8a-475a-11e5-8258-18cf5eba54cd} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3609408744-3582206182-4132503271-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE0E361A-27C5-4D65-A083-2E6E12C40620}" => key removed successfully
HKCR\CLSID\{CE0E361A-27C5-4D65-A083-2E6E12C40620} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\Users\User\avast_internet_security_setup_online.exe => moved successfully
C:\Users\User\HPSupportSolutionsFramework-12.0.30.219.exe => moved successfully
C:\Users\User\smplayer-16.8.0-x64.exe => moved successfully
C:\Users\User\vlc-0.9.9-win32.exe => moved successfully
C:\Users\User\XnView-win-full.exe => moved successfully

"C:\Users\User\AppData\Local\Temp" folder move:

Could not move "C:\Users\User\AppData\Local\Temp" => Scheduled to move on reboot.

C:\Users\User\Desktop\Kropík 10.6.2016.png => ":3or4kl4x13tuuug3Byamue2s4b" ADS removed successfully.
C:\Users\User\Desktop\Kropík 10.6.2016.png => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-08-2016 21:42:44)

"C:\ProgramData\DP45977C.lfl" => Could not move
C:\Users\User\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:42:44 ====

Re: Malware on Facebook

Posted: 30 Aug 2016 21:22
by Rudy
Deleted. Has anything changed?

Re: Malware on Facebook

Posted: 30 Aug 2016 21:26
by Filis
When I try to log in to FB, this still appears:

Account security
Hi Filip, we believe your computer is infected with malware and is spreading spam through your Facebook account. We will walk you through a few steps in which we explain this in more detail and scan your computer for malware.
1. Information about malware
2. Download malware scanning software
3. Run scan
4. Log in

Re: Malware on Facebook

Posted: 30 Aug 2016 21:32
by Rudy
OK. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Malware on Facebook

Posted: 30 Aug 2016 21:54
by Filis
The scan is done, 3 threats were found, but I don't know where the log is.