VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vir po stažení programu na snímaní plochy

https://forum.viry.cz:443/viewtopic.php?t=151427

Stránka 1 z 1

Vir po stažení programu na snímaní plochy

Napsal: 15 úno 2017 17:18
od Volny256
Dobrý den,

Po stažení programu a následné instalaci mi automaticky program začal stahovat spoustu souborů (aliexpres...) a podobně. V systému je nainstalováno spousta zbytečností, pravděpodobně různé malwary.
Mohli byste se na to kouknout?
Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 01
Ran by Marťas (administrator) on DESKTOP-IMU1TCG (15-02-2017 17:14:03)
Running from C:\Users\Marťas\Desktop
Loaded Profiles: Marťas (Available Profiles: defaultuser0 & Marťas)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-17] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corp.)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [OneDrive] => C:\Users\Marťas\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1517280 2017-01-13] (Microsoft Corporation) <===== ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [GoogleChromeAutoLaunch_F2169D7533533C5932816DA6EE4B0D3B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [MyComGames] => C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe [5013392 2017-02-14] (MY.COM B.V.) <===== ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [produpd] => "C:\Users\Marťas\AppData\Roaming\VDI\Shared\Product Updater\produpd.exe" /20506 <===== ATTENTION
HKLM\...\Providers\qs4j0wbq: C:\Program Files (x86)\Coitoy Manager\local64spl.dll [307200 2017-02-14] ()
AppInit_DLLs: C:\ProgramData\Ronzap\Stockin.dll => C:\ProgramData\Ronzap\Stockin.dll [358912 2017-02-15] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\U-Zumstrong.dll => C:\ProgramData\Ronzap\U-Zumstrong.dll [248320 2017-02-15] ()
ShellExecuteHooks: No Name - {8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} - C:\Users\Marťas\AppData\Roaming\Grjelyckojule\Coosak.dll -> No File
Startup: C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monhost.lnk [2017-02-15] <===== ATTENTION
ShortcutTarget: monhost.lnk -> C:\Users\Marťas\AppData\Roaming\VDI\Shared\Product Updater\monhost.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{02c273f3-199c-452b-9e83-6cf7b4ac56ca}: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{03d29909-5cf5-4c48-9d1c-6d0c9b13c62d}: [DhcpNameServer] 10.0.0.1 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXNK-9KXdsNt4TNE5gx242qujwVNkv7VFQPatKgidUULgpokjiR3t_QNSkGSP9oKoVCfMXQBx0uNbS8L36e0FA8kWLIom
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}

FireFox:
========
FF DefaultProfile: pjvuic15.default
FF ProfilePath: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\pjvuic15.default\Profiles\pjvuic15.default [not found]
FF ProfilePath: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\pjvuic15.default [2017-02-15]
FF NewTab: Mozilla\Firefox\Profiles\pjvuic15.default -> C:\\ProgramData\\Ronzaps\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\pjvuic15.default -> C:\\ProgramData\\Ronzaps\\ff.HP
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2017-02-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1626131941-1098701557-2232362238-1001: @my.com/Games -> C:\Users\Marťas\AppData\Local\MyComGames\NPMyComDetector.dll [2017-02-12] (MY.COM B.V.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}& ... UH&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-15] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Dokumenty Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Disk Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Steam Inventory Helper) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-02-14]
CHR Extension: (Tabulky Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (Splinter Search) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho [2017-02-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Gmail) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [43520 2017-02-15] () [File not signed]
S2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [983040 2017-02-15] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Marťas\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-15] (TODO: <Company name>) [File not signed]
S2 WinSnare; C:\Users\Marťas\AppData\Roaming\WinSnare\WinSnare.dll [779776 2017-02-08] (InterSect Alliance Pty Ltd) [File not signed]
S2 serverss; C:\WINDOWS\Temp\E12D.tmp [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [59840 2015-11-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410848 2015-08-13] (Realsil Semiconductor Corporation)
S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 17:14 - 2017-02-15 17:14 - 00014491 _____ C:\Users\Marťas\Desktop\FRST.txt
2017-02-15 17:13 - 2017-02-15 17:14 - 00000000 ____D C:\FRST
2017-02-15 17:13 - 2017-02-15 17:13 - 02422272 _____ (Farbar) C:\Users\Marťas\Desktop\FRST64.exe
2017-02-15 17:13 - 2017-02-15 17:13 - 00112640 _____ (forum.viry.cz) C:\Users\Marťas\Desktop\FRSTLauncher.exe
2017-02-15 14:47 - 2017-02-15 14:47 - 00003744 _____ C:\WINDOWS\System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5}
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ___HD C:\$AV_ASW
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Roaming\AVAST Software
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Local\Packages
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG
2017-02-15 14:15 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default\AppData\Local\NetworkTiles
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default User\AppData\Local\NetworkTiles
2017-02-15 14:10 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP
2017-02-15 14:08 - 2017-02-15 14:08 - 00000000 ____D C:\Users\Default\winhttp
2017-02-15 13:34 - 2017-02-15 13:34 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\AVAST Software
2017-02-15 13:33 - 2017-02-15 13:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-15 13:22 - 2017-02-15 13:22 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\SMRecorder
2017-02-15 13:21 - 2017-02-15 13:21 - 00000000 ____D C:\Users\Marťas\Documents\SMRecorder
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-15 13:09 - 2017-02-15 13:09 - 00000000 ____D C:\Program Files (x86)\qs4j0wbq
2017-02-15 12:28 - 2017-02-15 12:28 - 00003334 _____ C:\WINDOWS\System32\Tasks\psv_Dentola
2017-02-15 12:27 - 2017-02-15 14:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-15 11:38 - 2017-02-15 11:38 - 00003306 _____ C:\WINDOWS\System32\Tasks\psv_S-it
2017-02-15 11:35 - 2017-02-15 12:31 - 00003658 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-15 11:33 - 2017-02-15 11:33 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Zaamtax
2017-02-15 11:28 - 2017-02-15 11:28 - 00003692 _____ C:\WINDOWS\System32\Tasks\WinTOOL
2017-02-15 11:27 - 2017-02-15 14:45 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
2017-02-15 11:27 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\WinSnare
2017-02-15 11:27 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\WinSAPSvc
2017-02-15 11:27 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\wintools
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-15 11:26 - 2017-02-15 11:26 - 00003668 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-02-15 11:26 - 2017-02-15 11:26 - 00003354 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-15 11:25 - 2017-02-15 13:04 - 00000000 ____D C:\Program Files\qs4j0wbq
2017-02-15 11:25 - 2017-02-15 11:25 - 00034328 _____ (Sysinternals - http://www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-15 11:24 - 2017-02-15 11:24 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Unilax
2017-02-15 08:15 - 2017-02-15 08:15 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-15 08:11 - 2017-02-15 14:24 - 00000000 ____D C:\Users\Marťas\AppData\Local\UCBrowser
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\NoxInsPackFileder
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\Nox
2017-02-15 08:02 - 2017-02-15 14:46 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-15 07:52 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\xxx
2017-02-15 07:51 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\gplyra
2017-02-15 07:49 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Seznam.cz
2017-02-15 07:48 - 2017-02-15 14:23 - 00000000 ____D C:\Program Files (x86)\ContentPush
2017-02-15 07:47 - 2017-02-15 07:47 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\VDI
2017-02-15 07:45 - 2017-02-15 07:45 - 00000000 ____D C:\ProgramData\078aa905-6553-1
2017-02-15 07:45 - 2017-02-15 07:45 - 00000000 ____D C:\ProgramData\078aa905-0147-0
2017-02-15 07:41 - 2017-02-15 08:17 - 00000000 ____D C:\ProgramData\Logic Handler
2017-02-15 07:41 - 2017-02-15 07:41 - 01938536 _____ C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2017-02-15 07:41 - 2017-02-15 07:41 - 00136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:41 - 2017-02-15 07:41 - 00002398 _____ C:\WINDOWS\SysWOW64\findit.xml
2017-02-15 07:41 - 2017-02-15 07:41 - 00000000 ____D C:\ProgramData\Ronzaps
2017-02-15 07:40 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\Ronzap
2017-02-15 07:40 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-15 07:40 - 2017-02-15 07:40 - 07319040 _____ C:\Users\Marťas\AppData\Roaming\agent.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 01908169 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:40 - 2017-02-15 07:40 - 00278518 _____ C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:40 - 2017-02-15 07:40 - 00126464 _____ C:\Users\Marťas\AppData\Roaming\noah.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 00070752 _____ C:\Users\Marťas\AppData\Roaming\Config.xml
2017-02-15 07:40 - 2017-02-15 07:40 - 00018432 _____ C:\Users\Marťas\AppData\Roaming\Main.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 00005568 _____ C:\Users\Marťas\AppData\Roaming\md.xml
2017-02-15 07:40 - 2017-02-15 07:39 - 00983040 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:39 - 2017-02-15 07:40 - 00019056 _____ C:\Users\Marťas\AppData\Roaming\InstallationConfiguration.xml
2017-02-15 07:39 - 2017-02-15 07:39 - 00140288 _____ C:\Users\Marťas\AppData\Roaming\Installer.dat
2017-02-15 07:39 - 2017-02-15 07:39 - 00001194 _____ C:\Users\Public\Desktop\SMRecorder.lnk
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMRecorder
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\Program Files (x86)\SMRecorder
2017-02-14 22:17 - 2017-02-14 22:18 - 00000270 __RSH C:\Users\Marťas\ntuser.pol
2017-02-14 22:16 - 2017-02-14 22:16 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-14 22:16 - 2017-02-14 22:16 - 00003396 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-02-14 22:16 - 2017-02-14 22:16 - 00003076 _____ C:\WINDOWS\System32\Tasks\Update Service for Youtube AdBlock2
2017-02-14 22:16 - 2017-02-14 22:16 - 00003042 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Marťas)
2017-02-14 22:16 - 2017-02-14 22:16 - 00000368 _____ C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\IObit
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Marťas\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\IObit
2017-02-14 22:15 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-14 22:14 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
2017-02-14 22:14 - 2017-02-15 11:32 - 00000000 ____D C:\Program Files (x86)\Buluwardatacack
2017-02-14 22:14 - 2017-02-15 08:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Grjelyckojule
2017-02-14 22:14 - 2017-02-14 22:15 - 00000000 ____D C:\Users\Marンas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marンas
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\IObit
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\Coitoy Manager
2017-02-14 22:07 - 2017-02-14 22:26 - 00000000 ____D C:\Users\Marťas\AppData\Local\Dxtory Software
2017-02-14 22:07 - 2017-02-14 22:07 - 00001198 _____ C:\Users\Marťas\Desktop\Dxtory.lnk
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\Program Files (x86)\ExKode
2017-02-14 22:07 - 2015-08-10 16:00 - 02606144 _____ (ExKode Co. Ltd.) C:\WINDOWS\system32\DxtoryCodec.dll
2017-02-14 22:07 - 2015-08-10 16:00 - 02499648 _____ (ExKode Co. Ltd.) C:\WINDOWS\SysWOW64\DxtoryCodec.dll
2017-02-12 08:16 - 2017-02-12 08:16 - 00002098 _____ C:\Users\Marťas\Desktop\My.com Game Center.lnk
2017-02-12 07:13 - 2017-02-12 07:13 - 00000000 ____D C:\Users\Marťas\AppData\Local\CrashRpt
2017-02-12 06:55 - 2017-02-12 07:12 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-02-12 06:54 - 2017-02-15 15:50 - 00000000 ____D C:\Users\Marťas\AppData\Local\MyComGames
2017-02-11 21:08 - 2017-02-11 21:08 - 00000222 _____ C:\Users\Marťas\Desktop\Warface.url
2017-02-08 17:48 - 2017-02-15 17:14 - 00002556 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 17:48 - 2017-02-15 17:14 - 00002544 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 17:46 - 2017-02-08 17:55 - 00000000 ____D C:\Users\Marťas\AppData\Local\Google
2017-02-08 17:46 - 2017-02-08 17:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-06 16:14 - 2017-02-06 16:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Macromedia
2017-02-06 13:35 - 2017-02-06 13:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-05 00:17 - 2017-02-05 00:19 - 00000000 ____D C:\Users\Marťas\AppData\Local\Adobe
2017-01-25 14:42 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:42 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 14:35 - 2017-01-24 14:35 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\BANDISOFT
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Users\Marťas\Documents\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Program Files (x86)\Bandicam
2017-01-23 16:47 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Plocha
2017-01-18 21:51 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Lyže

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 17:14 - 2016-12-17 16:19 - 00001260 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-15 17:10 - 2016-12-17 16:19 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\Mozilla
2017-02-15 15:50 - 2016-12-17 16:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-15 14:50 - 2016-12-17 15:55 - 01867170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 14:50 - 2016-07-16 23:25 - 00677242 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-15 14:50 - 2016-07-16 23:25 - 00153510 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-15 14:44 - 2016-12-17 19:46 - 00000000 __SHD C:\Users\Marťas\IntelGraphicsProfiles
2017-02-15 14:44 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-15 14:43 - 2016-12-17 19:50 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-15 14:43 - 2016-12-17 15:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshDevices
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\Program Files (x86)\FreshDevices
2017-02-15 14:40 - 2016-12-17 16:26 - 00000000 ____D C:\Program Files\Intel
2017-02-15 14:40 - 2016-12-17 16:00 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Skype
2017-02-15 14:40 - 2016-12-17 15:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-15 14:40 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-15 14:37 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-15 14:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-15 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 14:24 - 2016-12-17 15:55 - 00000000 ____D C:\Users\Marťas
2017-02-15 14:24 - 2016-12-17 15:51 - 00000000 ____D C:\Users\defaultuser0
2017-02-15 14:15 - 2016-12-17 15:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-15 13:44 - 2016-12-17 15:59 - 00000000 ___RD C:\Users\Marťas\OneDrive
2017-02-15 12:25 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-15 12:23 - 2016-12-17 16:28 - 00000436 _____ C:\Users\Marťas\Desktop\Tento počítač.lnk
2017-02-15 07:52 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-14 22:14 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Adobe
2017-02-14 22:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Škola
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Reniny dorty
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Fotečky
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Epic moments
2017-02-12 22:37 - 2016-11-23 13:59 - 00000000 ____D C:\Games
2017-02-09 14:20 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Local\VirtualStore
2017-02-09 12:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 19:45 - 2016-12-25 09:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-06 15:59 - 2016-12-24 22:46 - 00000222 _____ C:\Users\Marťas\Desktop\Rebel Galaxy.url
2017-02-05 00:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-31 16:34 - 2016-12-17 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 16:34 - 2016-12-17 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 15:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2017-02-15 07:40 - 2017-02-15 07:40 - 7319040 _____ () C:\Users\Marťas\AppData\Roaming\agent.dat
2017-02-15 07:51 - 2017-02-15 07:51 - 0023622 _____ () C:\Users\Marťas\AppData\Roaming\aliexpress.ico
2017-02-15 07:50 - 2017-02-15 07:51 - 0099678 _____ () C:\Users\Marťas\AppData\Roaming\booking.ico
2017-02-15 07:40 - 2017-02-15 07:40 - 0070752 _____ () C:\Users\Marťas\AppData\Roaming\Config.xml
2017-02-15 07:41 - 2017-02-15 07:41 - 0136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:40 - 2017-02-15 07:40 - 0278518 _____ () C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:39 - 2017-02-15 07:40 - 0019056 _____ () C:\Users\Marťas\AppData\Roaming\InstallationConfiguration.xml
2017-02-15 07:39 - 2017-02-15 07:39 - 0140288 _____ () C:\Users\Marťas\AppData\Roaming\Installer.dat
2017-02-15 07:40 - 2017-02-15 07:40 - 0018432 _____ () C:\Users\Marťas\AppData\Roaming\Main.dat
2017-02-15 07:40 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:40 - 2017-02-15 07:40 - 1908169 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:40 - 2017-02-15 07:40 - 0005568 _____ () C:\Users\Marťas\AppData\Roaming\md.xml
2017-02-15 07:40 - 2017-02-15 07:40 - 0126464 _____ () C:\Users\Marťas\AppData\Roaming\noah.dat
2017-02-15 07:42 - 2017-02-15 07:42 - 0001150 _____ () C:\Users\Marťas\AppData\Roaming\uninstall_temp.ico
2017-02-15 07:41 - 2017-02-15 07:41 - 1938536 _____ () C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2016-12-17 16:01 - 2016-12-17 16:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Marťas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe


Some files in TEMP:
====================
2017-02-14 22:14 - 2017-02-14 22:14 - 17628560 _____ (IObit ) C:\Users\Marťas\AppData\Local\Temp\5CCE.tmp.exe
2017-02-15 07:50 - 2017-02-15 07:50 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\8766.tmp.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 2315388 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\AutoTime51495.exe
2013-08-05 07:15 - 2013-08-05 07:15 - 4292136 _____ (http://www.Bandisoft.com) C:\Users\Marťas\AppData\Local\Temp\bdfilters.dll
2017-02-15 07:58 - 2017-02-15 08:00 - 51198352 _____ (UCWeb Inc.) C:\Users\Marťas\AppData\Local\Temp\Browser_V6.0.1121.13_r_4727_(Build1612191708).exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\C713.tmp.exe
2017-02-15 07:48 - 2017-02-15 07:48 - 0237624 _____ () C:\Users\Marťas\AppData\Local\Temp\ContentPushSetup.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0550404 _____ () C:\Users\Marťas\AppData\Local\Temp\DBUpdater.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 0075264 _____ () C:\Users\Marťas\AppData\Local\Temp\DriverBoosterSetup.exe
2017-02-14 22:19 - 2003-02-25 13:44 - 0021019 _____ () C:\Users\Marťas\AppData\Local\Temp\guninst.exe
2017-02-15 11:27 - 2017-02-15 11:27 - 26964688 _____ () C:\Users\Marťas\AppData\Local\Temp\inst12.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Local\Temp\linker.exe
2017-02-15 07:49 - 2017-02-15 07:49 - 8585520 _____ () C:\Users\Marťas\AppData\Local\Temp\listicka-partner-16194-1.1.8-offline.exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1575048 _____ (Duodian Technology Co. Ltd.) C:\Users\Marťas\AppData\Local\Temp\nox_setup_v3.8.0.0_dl_intl.exe
2016-11-06 09:21 - 2016-11-06 09:21 - 0109568 _____ () C:\Users\Marťas\AppData\Local\Temp\nsu2EFD.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0351232 _____ () C:\Users\Marťas\AppData\Local\Temp\prepreinstaller_win.exe
2007-11-07 15:15 - 2007-11-07 15:15 - 1821192 _____ (Microsoft Corporation) C:\Users\Marťas\AppData\Local\Temp\smd_runtime.exe
2017-02-14 22:13 - 2017-02-14 22:14 - 2984392 _____ () C:\Users\Marťas\AppData\Local\Temp\sys32.exe
2017-02-15 07:42 - 2017-02-15 07:44 - 4446120 _____ () C:\Users\Marťas\AppData\Local\Temp\SystemHealer.exe
2017-02-15 07:48 - 2017-02-15 07:49 - 1821696 _____ () C:\Users\Marťas\AppData\Local\Temp\WindowsUpdateKB12695__7428_il1.exe
2017-02-14 22:13 - 2017-02-14 22:13 - 2560943 _____ () C:\Users\Marťas\AppData\Local\Temp\yt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 22:33

==================== End of FRST.txt ============================

Re: Vir po stažení programu na snímaní plochy

Napsal: 15 úno 2017 17:19
od Volny256
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 01
Ran by Marťas (15-02-2017 17:16:04)
Running from C:\Users\Marťas\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-17 14:52:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1626131941-1098701557-2232362238-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1626131941-1098701557-2232362238-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1626131941-1098701557-2232362238-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1626131941-1098701557-2232362238-501 - Limited - Disabled)
Marťas (S-1-5-21-1626131941-1098701557-2232362238-1001 - Administrator - Enabled) => C:\Users\Marťas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.0.1175 - Bandisoft.com)
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ)
ContentPush (HKLM-x32\...\ContentPush) (Version: - ) <==== ATTENTION
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Dxtory version 2.0.136 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.136 - ExKode Co. Ltd.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
My.com Game Center (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\MyComGames) (Version: 3.195 - My.com B.V.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Rebel Galaxy (HKLM\...\Steam App 290300) (Version: - Double Damage Games)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SMRecorder 1.1.9 (HKLM-x32\...\SMRecorder) (Version: 1.1.9 - SMRecorder)
SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warface (HKLM\...\Steam App 291480) (Version: - Crytek)
Warface My.Com (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Warface My.Com) (Version: 1.27 - My.com B.V.)
World of Tanks (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {110CF65E-5C9E-421F-A2B1-6D2FD30C5C8D} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRssReader\BikaQ.exe [2016-12-06] (IEC)
Task: {2175FBEE-1BBC-4F8B-A98C-1A7AFC6D54A6} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-15] (UC Web Inc.) <==== ATTENTION
Task: {2606F025-A048-4A83-9287-83B63090DFD1} - System32\Tasks\psv_S-it => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Trioflex.reg" & del "C:\ProgramData\Ronzap\Trioflex.reg" & SCHTASKS /Delete /TN "psv_S-it" /F <==== ATTENTION
Task: {8251CAD0-20A2-4770-A0F5-59C63329B24A} - System32\Tasks\psv_Unilax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Volt-Dex.reg" & del "C:\ProgramData\Ronzap\Volt-Dex.reg" & SCHTASKS /Delete /TN "psv_Unilax" /F <==== ATTENTION
Task: {987166B1-06D4-4A3E-996C-1BB63F776906} - System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ronphase\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Ronphase\uninstall.dat" -a uninstallme 525A3CDD-2E1E-455A-AC13-6451B14AD793 DeviceId=bb66f1ad-b56f-4fb3-3283-85b1ecb12e29 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {9D41798C-EF5E-421C-B8A0-64DDA3841A78} - System32\Tasks\psv_Dentola => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\SoftKeytouch.reg" & del "C:\ProgramData\Ronzap\SoftKeytouch.reg" & SCHTASKS /Delete /TN "psv_Dentola" /F <==== ATTENTION
Task: {A06BDBB7-C19F-46CF-8F95-4694D7430CE3} - System32\Tasks\psv_Zaamtax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Xxx-eco.reg" & del "C:\ProgramData\Ronzap\Xxx-eco.reg" & SCHTASKS /Delete /TN "psv_Zaamtax" /F <==== ATTENTION
Task: {B74CD506-C19A-4886-A7A2-D405417E2663} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-02-15] ()
Task: {CFF66CC4-368E-4675-89E8-7E853157DFE8} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Marťas\AppData\Roaming\Adobe\Manager.exe [2017-02-14] ()
Task: {D91394DA-3B21-4832-9EB2-604E7A03E4D6} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-15] ()
Task: {DD3E22CA-0EA0-41A0-A16D-F31AD7C8CFED} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-14 22:14 - 2017-02-14 22:14 - 00307200 _____ () C:\Program Files (x86)\Coitoy Manager\local64spl.dll
2017-02-15 07:40 - 2017-02-15 08:35 - 00043520 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:21 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:20 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:20 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 13:35 - 2017-02-06 13:35 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-12-17 18:38 - 2016-12-17 18:44 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-01 13:16 - 2017-02-01 13:16 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2017-01-25 14:08 - 2017-01-25 14:08 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-17 16:09 - 2016-12-23 19:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-17 16:09 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 16:15 - 2017-01-05 04:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-17 16:09 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [371912]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-02-15 08:05 - 00008603 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.1 - 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5DE2EBB5-5B1A-4CAB-AA4B-5807BAA907E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08A22725-E8AF-421A-9FE2-04C81CD6AC0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9FC27A19-7CCD-4EFB-8E2B-2168212510CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{676DFBE9-39F6-436A-B555-095CFC2FBDE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F64412CF-C484-47BD-919D-8D41325C2591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3DEAA16-2D88-469E-A4EA-2499A1AF734B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F17C0C64-452D-439B-B046-160144278057}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3CC2C7B6-47CB-4A89-BE19-38ED8A339FE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6019CAFA-C564-44D9-AFC0-2A9C208E5813}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A9767C93-CEA0-4FC2-B682-1B5F97D29232}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AE095E22-8C5C-46E1-B14D-68D4A2498A12}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{269E2527-3FBC-4DA5-826F-0D2E07228E9B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1DF0FB93-51A4-459B-BD23-C9748CDFB29C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{03A197A2-CF15-4BAD-ADA1-DAE87D88345D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{7D5EA29D-17FD-477D-A5E5-E98BC0CBE50B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{9A25E597-E220-4FFB-8E26-1C6C758D9FC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F330A79B-523F-4B99-AF25-BA38E8BC48E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{5B93A760-1409-4A6D-842D-EFEE01F6D8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [TCP Query User{246F3508-79FE-4F62-BA3E-BB8266005F7A}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{C6613F0F-3F9F-4008-B787-5FED8B3E6081}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe

==================== Restore Points =========================

31-01-2017 15:10:32 Windows Update
06-02-2017 13:33:54 Windows Update
15-02-2017 07:50:34 Instalační služba modulů systému Windows
15-02-2017 07:51:47 Instalační služba modulů systému Windows
15-02-2017 12:33:30 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2017 02:20:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP.DESKTOP-IMU1TCG>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat

Error: (02/15/2017 02:15:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat


System errors:
=============
Error: (02/15/2017 03:40:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba WinSnare byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 21600000 milisekund: Restartovat službu.

Error: (02/15/2017 02:47:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IMU1TCG)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli DESKTOP-IMU1TCG\Marťas (SID: S-1-5-21-1626131941-1098701557-2232362238-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:46:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IMU1TCG)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli DESKTOP-IMU1TCG\Marťas (SID: S-1-5-21-1626131941-1098701557-2232362238-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:46:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IMU1TCG)
Description: Nastavení oprávnění výchozí pro počítač neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
a APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
uživateli DESKTOP-IMU1TCG\Marťas (SID: S-1-5-21-1626131941-1098701557-2232362238-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy – SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:44:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 02:43:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_39b87 byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (02/15/2017 02:43:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Intel(R) Content Protection HECI Service byla ukončena s následující chybou:
%%2147942659 = Žádná další data nejsou k dispozici.

Error: (02/15/2017 02:43:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Ronzap neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/15/2017 02:43:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Ronzap bylo dosaženo časového limitu (30000 ms).

Error: (02/15/2017 02:43:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2017-02-15 16:06:06.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:44:19.485
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:43:08.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:42:11.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:31.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\wcwfnsjvghnrfrjyu.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\wcwfnsjvghnrfrjyu.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 38%
Total physical RAM: 3977.98 MB
Available physical RAM: 2462.03 MB
Total Virtual: 4681.98 MB
Available Virtual: 2573.56 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:449.63 GB) (Free:367.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 042A475B)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Vir po stažení programu na snímaní plochy

Napsal: 15 úno 2017 18:04
od Rudy
Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Vir po stažení programu na snímaní plochy

Napsal: 15 úno 2017 20:02
od Volny256
Provedl jsem vše podle Vašeho návodu.
Log:

# AdwCleaner v6.043 - Log vytvořen 15/02/2017 v 19:56:52
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-13.1 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Marťas - DESKTOP-IMU1TCG
# Spuštěno z : C:\Users\Marťas\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: Ronzap
[-] Služba smazána: Nettrans
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ucdrv
[-] Služba smazána: WinSnare


***** [ Složky ] *****

[-] Složka smazána: C:\Program Files (x86)\WinSnare(4.1.0)
[-] Složka smazána: C:\Program Files (x86)\Youtube AdBlock
[-] Složka smazána: C:\ProgramData\078aa905-0147-0
[-] Složka smazána: C:\ProgramData\078aa905-6553-1
[-] Složka smazána: C:\Users\Marťas\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\gplyra
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\VDI
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\WinSAPSvc
[#] Složka smazána po restartu: C:\Users\Marťas\AppData\Roaming\VDI\Shared\Product Updater
[#] Složka smazána po restartu: C:\Users\Marťas\AppData\Roaming\winsapsvc
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\WinSnare
[#] Složka smazána po restartu: C:\ProgramData\Ronzap
[-] Složka smazána: C:\ProgramData\Ronzaps
[-] Složka smazána: C:\ProgramData\Logic Handler
[-] Složka smazána: C:\ProgramData\NetworkPacketManitor
[-] Složka smazána: C:\Program Files (x86)\ContentPush
[#] Složka smazána po restartu: C:\Program Files (x86)\Youtube AdBlock
[-] Složka smazána: C:\Program Files (x86)\MIO
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Solvusoft
[-] Složka smazána: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
[-] Složka smazána: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] Složka smazána: C:\ProgramData\WinTools
[#] Složka smazána po restartu: C:\Users\Marťas\AppData\Roaming\WinSnare
[#] Složka smazána po restartu: C:\Program Files (x86)\MIO


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\booking.ico
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\aliexpress.ico
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monhost.lnk
[-] Soubor smazán: C:\WINDOWS\SysWoW64\findit.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Adobe\Manager.exe
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\md.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Config.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\noah.dat
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Installer.dat
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\InstallationConfiguration.xml
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\Main.dat
[-] Soubor smazán: C:\Users\Marťas\AppData\Roaming\agent.dat


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****

[-] Úloha smazána: Update Service for Youtube AdBlock2
[-] Úloha smazána: WinTOOL
[-] Úloha smazána: Microsoft\Windows\Multimedia\Manager
[-] Úloha smazána: UCBrowserSecureUpdater
[-] Úloha smazána: Milimili


***** [ Registry ] *****

[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKU\.DEFAULT\Software\jhdbca
[-] Klíč smazán: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Installer
[-] Klíč smazán: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\AutoTime
[-] Klíč smazán: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\dlr
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\jhdbca
[#] Klíč smazán po restartu: HKCU\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\AutoTime
[#] Klíč smazán po restartu: HKCU\Software\dlr
[-] Klíč smazán: HKLM\SOFTWARE\mtRonzap
[-] Klíč smazán: HKLM\SOFTWARE\trotuxSoftware
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentPush
[#] Klíč smazán po restartu: [x64] HKCU\Software\Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\AutoTime
[#] Klíč smazán po restartu: [x64] HKCU\Software\dlr
[-] Klíč smazán: [x64] HKLM\SOFTWARE\jhdbca
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\WINDOWS\system32\userinit.exe,
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] C:\WINDOWS\system32\userinit.exe,
[-] Hodnota smazána: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Windows\CurrentVersion\Run [produpd]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [produpd]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [produpd]
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Klíč smazán: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Hodnota smazána: HKCU\Environment [SNF]
[-] Hodnota smazána: HKCU\Environment [SNP]
[#] Klíč smazán po restartu: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Ronzap.exe
[-] Klíč smazán: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
[#] Klíč smazán po restartu: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Klíč smazán po restartu: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Klíč smazán po restartu: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7387 Bajty] - [15/02/2017 19:56:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [7255 Bajty] - [15/02/2017 19:47:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [7330 Bajty] - [15/02/2017 19:51:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7606 Bajty] ##########

Re: Vir po stažení programu na snímaní plochy

Napsal: 15 úno 2017 20:26
od Rudy
Dejte nový log FRST.

Re: Vir po stažení programu na snímaní plochy

Napsal: 16 úno 2017 16:13
od Volny256
Log-FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Marťas (administrator) on DESKTOP-IMU1TCG (16-02-2017 13:58:47)
Running from C:\Users\Marťas\Desktop
Loaded Profiles: Marťas (Available Profiles: defaultuser0 & Marťas)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-12-17] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corp.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [GoogleChromeAutoLaunch_F2169D7533533C5932816DA6EE4B0D3B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [MyComGames] => C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe [5013392 2017-02-14] (MY.COM B.V.) <===== ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKLM\...\Providers\qs4j0wbq: C:\Program Files (x86)\Coitoy Manager\local64spl.dll [307200 2017-02-14] ()
ShellExecuteHooks: No Name - {8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} - C:\Users\Marťas\AppData\Roaming\Grjelyckojule\Coosak.dll -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{02c273f3-199c-452b-9e83-6cf7b4ac56ca}: [DhcpNameServer] 10.0.0.1 10.0.1.1
Tcpip\..\Interfaces\{03d29909-5cf5-4c48-9d1c-6d0c9b13c62d}: [DhcpNameServer] 10.0.0.1 10.0.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXN4MEBW77F2Ugl1z3UZCMgBCEU8cegflI9J2ph4-6lx77xh9b13Cx9zjSzaujmqg3qN89znXixBXCRYlNoNaPJzhF3kt&q={searchTerms}
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2IWFP54W9OijJ_IQ1WqfBrLNdF4ChiGQISBE4zK4ob06DMOLaW1-CfbQjUZHr7oXNK-9KXdsNt4TNE5gx242qujwVNkv7VFQPatKgidUULgpokjiR3t_QNSkGSP9oKoVCfMXQBx0uNbS8L36e0FA8kWLIom
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> DefaultScope {ielnksrch} URL =

FireFox:
========
FF DefaultProfile: pjvuic15.default
FF ProfilePath: C:\Users\Marťas\AppData\Roaming\Mozilla\Firefox\Profiles\pjvuic15.default [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\pjvuic15.default -> C:\\ProgramData\\Ronzaps\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\pjvuic15.default -> hxxps://www.seznam.cz/
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2017-02-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-1626131941-1098701557-2232362238-1001: @my.com/Games -> C:\Users\Marťas\AppData\Local\MyComGames\NPMyComDetector.dll [2017-02-12] (MY.COM B.V.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}& ... UH&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Dokumenty Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Disk Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Steam Inventory Helper) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-02-14]
CHR Extension: (Tabulky Google) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (Splinter Search) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho [2017-02-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-08]
CHR Extension: (Gmail) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 serverss; C:\WINDOWS\Temp\E12D.tmp [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [59840 2015-11-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410848 2015-08-13] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 13:58 - 2017-02-16 14:00 - 00012281 _____ C:\Users\Marťas\Desktop\FRST.txt
2017-02-16 13:58 - 2017-02-16 13:58 - 00000000 ____D C:\Users\Marťas\Desktop\FRST-OlderVersion
2017-02-16 06:26 - 2017-02-16 06:26 - 00000000 ___HD C:\OneDriveTemp
2017-02-15 19:43 - 2017-02-15 19:56 - 00000000 ____D C:\AdwCleaner
2017-02-15 17:13 - 2017-02-16 13:58 - 02422272 _____ (Farbar) C:\Users\Marťas\Desktop\FRST64.exe
2017-02-15 17:13 - 2017-02-16 13:58 - 00000000 ____D C:\FRST
2017-02-15 14:47 - 2017-02-15 14:47 - 00003744 _____ C:\WINDOWS\System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5}
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ___HD C:\$AV_ASW
2017-02-15 14:16 - 2017-02-15 14:16 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Roaming\AVAST Software
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG\AppData\Local\Packages
2017-02-15 14:15 - 2017-02-15 14:20 - 00000000 ____D C:\Users\TEMP.DESKTOP-IMU1TCG
2017-02-15 14:15 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default\AppData\Local\NetworkTiles
2017-02-15 14:11 - 2017-02-15 14:11 - 00000000 ____D C:\Users\Default User\AppData\Local\NetworkTiles
2017-02-15 14:10 - 2017-02-15 14:15 - 00000000 ____D C:\Users\TEMP
2017-02-15 14:08 - 2017-02-15 14:08 - 00000000 ____D C:\Users\Default\winhttp
2017-02-15 13:34 - 2017-02-15 13:34 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\AVAST Software
2017-02-15 13:33 - 2017-02-15 13:33 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-15 13:22 - 2017-02-15 13:22 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\SMRecorder
2017-02-15 13:21 - 2017-02-15 13:21 - 00000000 ____D C:\Users\Marťas\Documents\SMRecorder
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-15 13:16 - 2017-02-15 13:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-15 13:09 - 2017-02-15 13:09 - 00000000 ____D C:\Program Files (x86)\qs4j0wbq
2017-02-15 12:28 - 2017-02-15 12:28 - 00003334 _____ C:\WINDOWS\System32\Tasks\psv_Dentola
2017-02-15 12:27 - 2017-02-15 14:40 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-15 11:38 - 2017-02-15 11:38 - 00003306 _____ C:\WINDOWS\System32\Tasks\psv_S-it
2017-02-15 11:35 - 2017-02-15 12:31 - 00003658 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-15 11:33 - 2017-02-15 11:33 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Zaamtax
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-02-15 11:26 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
2017-02-15 11:26 - 2017-02-15 11:26 - 00003354 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-02-15 11:25 - 2017-02-15 13:04 - 00000000 ____D C:\Program Files\qs4j0wbq
2017-02-15 11:25 - 2017-02-15 11:25 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-15 11:24 - 2017-02-15 11:24 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Unilax
2017-02-15 08:11 - 2017-02-15 14:24 - 00000000 ____D C:\Users\Marťas\AppData\Local\UCBrowser
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\NoxInsPackFileder
2017-02-15 08:11 - 2017-02-15 08:11 - 00000000 ____D C:\Users\Marťas\AppData\Local\Nox
2017-02-15 08:02 - 2017-02-15 14:46 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-15 07:52 - 2017-02-15 14:40 - 00000000 ____D C:\Program Files (x86)\xxx
2017-02-15 07:49 - 2017-02-15 14:40 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Seznam.cz
2017-02-15 07:41 - 2017-02-15 07:41 - 01938536 _____ C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2017-02-15 07:41 - 2017-02-15 07:41 - 00136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:40 - 2017-02-15 19:57 - 00000000 ____D C:\ProgramData\Ronzap
2017-02-15 07:40 - 2017-02-15 07:40 - 01908169 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:40 - 2017-02-15 07:40 - 00278518 _____ C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:40 - 2017-02-15 07:39 - 00983040 _____ C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 00001194 _____ C:\Users\Public\Desktop\SMRecorder.lnk
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMRecorder
2017-02-15 07:39 - 2017-02-15 07:39 - 00000000 ____D C:\Program Files (x86)\SMRecorder
2017-02-14 22:17 - 2017-02-14 22:18 - 00000270 __RSH C:\Users\Marťas\ntuser.pol
2017-02-14 22:16 - 2017-02-14 22:16 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-14 22:16 - 2017-02-14 22:16 - 00003396 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-02-14 22:16 - 2017-02-14 22:16 - 00003042 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Marťas)
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\IObit
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-14 22:16 - 2017-02-14 22:16 - 00000000 ____D C:\ProgramData\IObit
2017-02-14 22:15 - 2017-02-14 22:16 - 00000000 ____D C:\Users\Public\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\ProgramData\Thunder Network
2017-02-14 22:15 - 2017-02-14 22:15 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-14 22:14 - 2017-02-15 11:32 - 00000000 ____D C:\Program Files (x86)\Buluwardatacack
2017-02-14 22:14 - 2017-02-15 08:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Grjelyckojule
2017-02-14 22:14 - 2017-02-14 22:15 - 00000000 ____D C:\Users\Marンas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marンas
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\IObit
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Ghezeent
2017-02-14 22:14 - 2017-02-14 22:14 - 00000000 ____D C:\Program Files (x86)\Coitoy Manager
2017-02-14 22:07 - 2017-02-14 22:26 - 00000000 ____D C:\Users\Marťas\AppData\Local\Dxtory Software
2017-02-14 22:07 - 2017-02-14 22:07 - 00001198 _____ C:\Users\Marťas\Desktop\Dxtory.lnk
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2017-02-14 22:07 - 2017-02-14 22:07 - 00000000 ____D C:\Program Files (x86)\ExKode
2017-02-14 22:07 - 2015-08-10 16:00 - 02606144 _____ (ExKode Co. Ltd.) C:\WINDOWS\system32\DxtoryCodec.dll
2017-02-14 22:07 - 2015-08-10 16:00 - 02499648 _____ (ExKode Co. Ltd.) C:\WINDOWS\SysWOW64\DxtoryCodec.dll
2017-02-12 08:16 - 2017-02-12 08:16 - 00002098 _____ C:\Users\Marťas\Desktop\My.com Game Center.lnk
2017-02-12 07:13 - 2017-02-12 07:13 - 00000000 ____D C:\Users\Marťas\AppData\Local\CrashRpt
2017-02-12 06:55 - 2017-02-12 07:12 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2017-02-12 06:54 - 2017-02-16 13:28 - 00000000 ____D C:\Users\Marťas\AppData\Local\MyComGames
2017-02-11 21:08 - 2017-02-11 21:08 - 00000222 _____ C:\Users\Marťas\Desktop\Warface.url
2017-02-08 17:48 - 2017-02-16 13:58 - 00002556 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-08 17:48 - 2017-02-16 13:58 - 00002544 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 17:46 - 2017-02-08 17:55 - 00000000 ____D C:\Users\Marťas\AppData\Local\Google
2017-02-08 17:46 - 2017-02-08 17:47 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-06 16:14 - 2017-02-06 16:14 - 00000000 ____D C:\Users\Marťas\AppData\Local\Macromedia
2017-02-06 13:35 - 2017-02-06 13:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-05 00:17 - 2017-02-05 00:19 - 00000000 ____D C:\Users\Marťas\AppData\Local\Adobe
2017-01-25 14:42 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:42 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 14:35 - 2017-01-24 14:35 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\BANDISOFT
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Users\Marťas\Documents\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2017-01-24 14:34 - 2017-01-24 14:34 - 00000000 ____D C:\Program Files (x86)\Bandicam
2017-01-23 16:47 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Plocha
2017-01-18 21:51 - 2017-02-13 08:40 - 00000000 ____D C:\Users\Marťas\Desktop\Lyže

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 13:58 - 2016-12-17 16:19 - 00001260 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-16 13:28 - 2016-12-17 16:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-16 13:28 - 2016-12-17 15:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-16 13:05 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 13:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-16 13:00 - 2016-12-17 16:19 - 00000000 ____D C:\Users\Marťas\AppData\LocalLow\Mozilla
2017-02-16 06:27 - 2016-12-17 16:00 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Skype
2017-02-16 06:26 - 2016-12-17 19:46 - 00000000 __SHD C:\Users\Marťas\IntelGraphicsProfiles
2017-02-16 06:26 - 2016-12-17 15:59 - 00000000 ___RD C:\Users\Marťas\OneDrive
2017-02-15 20:03 - 2016-12-17 15:55 - 01895820 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-15 20:03 - 2016-07-16 23:25 - 00692040 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-15 20:03 - 2016-07-16 23:25 - 00157910 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-15 19:58 - 2016-12-17 15:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-15 19:57 - 2016-07-16 07:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-02-15 19:56 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Roaming\Adobe
2017-02-15 14:43 - 2016-12-17 19:50 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshDevices
2017-02-15 14:40 - 2017-01-09 18:21 - 00000000 ____D C:\Program Files (x86)\FreshDevices
2017-02-15 14:40 - 2016-12-17 16:26 - 00000000 ____D C:\Program Files\Intel
2017-02-15 14:40 - 2016-12-17 15:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-15 14:40 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-15 14:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-15 14:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 14:24 - 2016-12-17 15:55 - 00000000 ____D C:\Users\Marťas
2017-02-15 14:24 - 2016-12-17 15:51 - 00000000 ____D C:\Users\defaultuser0
2017-02-15 12:23 - 2016-12-17 16:28 - 00000436 _____ C:\Users\Marťas\Desktop\Tento počítač.lnk
2017-02-15 07:52 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-14 22:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Škola
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Reniny dorty
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Fotečky
2017-02-13 08:40 - 2016-12-17 16:57 - 00000000 ____D C:\Users\Marťas\Desktop\Epic moments
2017-02-12 22:37 - 2016-11-23 13:59 - 00000000 ____D C:\Games
2017-02-09 14:20 - 2016-12-17 15:56 - 00000000 ____D C:\Users\Marťas\AppData\Local\VirtualStore
2017-02-09 12:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-06 19:45 - 2016-12-25 09:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-06 15:59 - 2016-12-24 22:46 - 00000222 _____ C:\Users\Marťas\Desktop\Rebel Galaxy.url
2017-02-05 00:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-31 16:34 - 2016-12-17 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 16:34 - 2016-12-17 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 15:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2017-02-15 07:41 - 2017-02-15 07:41 - 0136827 _____ () C:\Users\Marťas\AppData\Roaming\Dongnix.bin
2017-02-15 07:40 - 2017-02-15 07:40 - 0278518 _____ () C:\Users\Marťas\AppData\Roaming\Inch-Lab.bin
2017-02-15 07:40 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.exe
2017-02-15 07:40 - 2017-02-15 07:40 - 1908169 _____ () C:\Users\Marťas\AppData\Roaming\Mathbam.tst
2017-02-15 07:42 - 2017-02-15 07:42 - 0001150 _____ () C:\Users\Marťas\AppData\Roaming\uninstall_temp.ico
2017-02-15 07:41 - 2017-02-15 07:41 - 1938536 _____ () C:\Users\Marťas\AppData\Roaming\Y-zap.bin
2016-12-17 16:01 - 2016-12-17 16:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe


Some files in TEMP:
====================
2017-02-14 22:14 - 2017-02-14 22:14 - 17628560 _____ (IObit ) C:\Users\Marťas\AppData\Local\Temp\5CCE.tmp.exe
2017-02-15 07:50 - 2017-02-15 07:50 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\8766.tmp.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 2315388 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\AutoTime51495.exe
2013-08-05 07:15 - 2013-08-05 07:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\Marťas\AppData\Local\Temp\bdfilters.dll
2017-02-15 07:58 - 2017-02-15 08:00 - 51198352 _____ (UCWeb Inc.) C:\Users\Marťas\AppData\Local\Temp\Browser_V6.0.1121.13_r_4727_(Build1612191708).exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1171283 _____ ( ) C:\Users\Marťas\AppData\Local\Temp\C713.tmp.exe
2017-02-15 07:48 - 2017-02-15 07:48 - 0237624 _____ () C:\Users\Marťas\AppData\Local\Temp\ContentPushSetup.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0550404 _____ () C:\Users\Marťas\AppData\Local\Temp\DBUpdater.exe
2017-02-14 22:14 - 2017-02-14 22:14 - 0075264 _____ () C:\Users\Marťas\AppData\Local\Temp\DriverBoosterSetup.exe
2017-02-14 22:19 - 2003-02-25 13:44 - 0021019 _____ () C:\Users\Marťas\AppData\Local\Temp\guninst.exe
2017-02-15 11:27 - 2017-02-15 11:27 - 26964688 _____ () C:\Users\Marťas\AppData\Local\Temp\inst12.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0983040 _____ () C:\Users\Marťas\AppData\Local\Temp\linker.exe
2017-02-15 07:49 - 2017-02-15 07:49 - 8585520 _____ () C:\Users\Marťas\AppData\Local\Temp\listicka-partner-16194-1.1.8-offline.exe
2017-02-15 08:11 - 2017-02-15 08:11 - 1575048 _____ (Duodian Technology Co. Ltd.) C:\Users\Marťas\AppData\Local\Temp\nox_setup_v3.8.0.0_dl_intl.exe
2016-11-06 09:21 - 2016-11-06 09:21 - 0109568 _____ () C:\Users\Marťas\AppData\Local\Temp\nsu2EFD.exe
2017-02-15 07:39 - 2017-02-15 07:39 - 0351232 _____ () C:\Users\Marťas\AppData\Local\Temp\prepreinstaller_win.exe
2007-11-07 15:15 - 2007-11-07 15:15 - 1821192 _____ (Microsoft Corporation) C:\Users\Marťas\AppData\Local\Temp\smd_runtime.exe
2017-02-14 22:13 - 2017-02-14 22:14 - 2984392 _____ () C:\Users\Marťas\AppData\Local\Temp\sys32.exe
2017-02-15 07:42 - 2017-02-15 07:44 - 4446120 _____ () C:\Users\Marťas\AppData\Local\Temp\SystemHealer.exe
2017-02-15 07:48 - 2017-02-15 07:49 - 1821696 _____ () C:\Users\Marťas\AppData\Local\Temp\WindowsUpdateKB12695__7428_il1.exe
2017-02-14 22:13 - 2017-02-14 22:13 - 2560943 _____ () C:\Users\Marťas\AppData\Local\Temp\yt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 22:33

==================== End of FRST.txt ============================

Re: Vir po stažení programu na snímaní plochy

Napsal: 16 úno 2017 16:14
od Volny256
Log-Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Marťas (16-02-2017 14:01:12)
Running from C:\Users\Marťas\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-17 14:52:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1626131941-1098701557-2232362238-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1626131941-1098701557-2232362238-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1626131941-1098701557-2232362238-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1626131941-1098701557-2232362238-501 - Limited - Disabled)
Marťas (S-1-5-21-1626131941-1098701557-2232362238-1001 - Administrator - Enabled) => C:\Users\Marťas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.3.0.1175 - Bandisoft.com)
BikaQ Rss Reader (HKLM-x32\...\{56B2B28A-E663-4D28-84A3-3846068A7D63}) (Version: 1.0.0 - BikaQ)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Dxtory version 2.0.136 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.136 - ExKode Co. Ltd.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
My.com Game Center (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\MyComGames) (Version: 3.195 - My.com B.V.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Rebel Galaxy (HKLM\...\Steam App 290300) (Version: - Double Damage Games)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SMRecorder 1.1.9 (HKLM-x32\...\SMRecorder) (Version: 1.1.9 - SMRecorder)
SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warface (HKLM\...\Steam App 291480) (Version: - Crytek)
Warface My.Com (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Warface My.Com) (Version: 1.27 - My.com B.V.)
World of Tanks (HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {110CF65E-5C9E-421F-A2B1-6D2FD30C5C8D} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRssReader\BikaQ.exe [2016-12-06] (IEC)
Task: {2606F025-A048-4A83-9287-83B63090DFD1} - System32\Tasks\psv_S-it => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Trioflex.reg" & del "C:\ProgramData\Ronzap\Trioflex.reg" & SCHTASKS /Delete /TN "psv_S-it" /F <==== ATTENTION
Task: {8251CAD0-20A2-4770-A0F5-59C63329B24A} - System32\Tasks\psv_Unilax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Volt-Dex.reg" & del "C:\ProgramData\Ronzap\Volt-Dex.reg" & SCHTASKS /Delete /TN "psv_Unilax" /F <==== ATTENTION
Task: {987166B1-06D4-4A3E-996C-1BB63F776906} - System32\Tasks\{FF362657-05F5-418A-B833-872C21AA43F5} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ronphase\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Ronphase\uninstall.dat" -a uninstallme 525A3CDD-2E1E-455A-AC13-6451B14AD793 DeviceId=bb66f1ad-b56f-4fb3-3283-85b1ecb12e29 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {9D41798C-EF5E-421C-B8A0-64DDA3841A78} - System32\Tasks\psv_Dentola => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\SoftKeytouch.reg" & del "C:\ProgramData\Ronzap\SoftKeytouch.reg" & SCHTASKS /Delete /TN "psv_Dentola" /F <==== ATTENTION
Task: {A06BDBB7-C19F-46CF-8F95-4694D7430CE3} - System32\Tasks\psv_Zaamtax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Xxx-eco.reg" & del "C:\ProgramData\Ronzap\Xxx-eco.reg" & SCHTASKS /Delete /TN "psv_Zaamtax" /F <==== ATTENTION
Task: {DD3E22CA-0EA0-41A0-A16D-F31AD7C8CFED} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Marťas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\MARAS~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/

==================== Loaded Modules (Whitelisted) ==============

2017-02-14 22:14 - 2017-02-14 22:14 - 00307200 _____ () C:\Program Files (x86)\Coitoy Manager\local64spl.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 15:21 - 2016-12-17 15:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:21 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:20 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:20 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:20 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-08 17:48 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-08 17:48 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 13:35 - 2017-02-06 13:35 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 13:35 - 2017-02-06 13:35 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-12-17 18:38 - 2016-12-17 18:44 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-12-17 18:38 - 2016-12-17 18:44 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-01 13:16 - 2017-02-01 13:16 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2017-02-16 13:04 - 2017-02-16 13:04 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-17 16:09 - 2016-12-23 19:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-17 16:09 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-17 16:09 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-17 16:09 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 16:15 - 2017-01-05 04:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-17 16:09 - 2017-01-19 02:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [371912]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-02-15 08:05 - 00008603 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marťas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.1 - 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5DE2EBB5-5B1A-4CAB-AA4B-5807BAA907E9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08A22725-E8AF-421A-9FE2-04C81CD6AC0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9FC27A19-7CCD-4EFB-8E2B-2168212510CC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{676DFBE9-39F6-436A-B555-095CFC2FBDE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F64412CF-C484-47BD-919D-8D41325C2591}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3DEAA16-2D88-469E-A4EA-2499A1AF734B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F17C0C64-452D-439B-B046-160144278057}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3CC2C7B6-47CB-4A89-BE19-38ED8A339FE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6019CAFA-C564-44D9-AFC0-2A9C208E5813}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A9767C93-CEA0-4FC2-B682-1B5F97D29232}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AE095E22-8C5C-46E1-B14D-68D4A2498A12}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{269E2527-3FBC-4DA5-826F-0D2E07228E9B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{1DF0FB93-51A4-459B-BD23-C9748CDFB29C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{03A197A2-CF15-4BAD-ADA1-DAE87D88345D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{7D5EA29D-17FD-477D-A5E5-E98BC0CBE50B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe
FirewallRules: [{9A25E597-E220-4FFB-8E26-1C6C758D9FC9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F330A79B-523F-4B99-AF25-BA38E8BC48E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [{5B93A760-1409-4A6D-842D-EFEE01F6D8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe
FirewallRules: [TCP Query User{246F3508-79FE-4F62-BA3E-BB8266005F7A}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{C6613F0F-3F9F-4008-B787-5FED8B3E6081}C:\users\marťas\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\marťas\appdata\local\mycomgames\mycomgames.exe

==================== Restore Points =========================

31-01-2017 15:10:32 Windows Update
06-02-2017 13:33:54 Windows Update
15-02-2017 07:50:34 Instalační služba modulů systému Windows
15-02-2017 07:51:47 Instalační služba modulů systému Windows
15-02-2017 12:33:30 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2017 02:20:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP.DESKTOP-IMU1TCG>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:15:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat

Error: (02/15/2017 02:15:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Systém Windows nemůže odstranit adresář profilů <C:\Users\TEMP>. Může to být způsobeno tím, že soubory v tomto adresáři jsou používány jiným programem.

PODROBNOSTI – Adresář není prázdný.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže nalézt místní profil. Budete přihlášeni pomocí dočasného profilu. Změny profilu budou při vašem odhlášení ztraceny.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: DESKTOP-IMU1TCG)
Description: Systém Windows zálohoval profil tohoto uživatele. Systém se automaticky pokusí použít zazálohovaný profil při příštím přihlášení uživatele.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: DESKTOP-IMU1TCG)
Description: Systém Windows nemůže načíst místně uložený profil. Možné příčiny této chyby zahrnují nedostatečná zabezpečovací práva nebo poškozený místní profil.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Error: (02/15/2017 02:10:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Systém Windows nemohl načíst registr. Tento problém je často způsoben nedostatkem paměti nebo nedostatečnými zabezpečovacími právy.

PODROBNOSTI – Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
pro: C:\Users\Marťas\ntuser.dat


System errors:
=============
Error: (02/16/2017 07:09:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2017 06:26:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_4fece3 byla ukončena s následující chybou:
Nespecifikovaná chyba

Error: (02/16/2017 06:26:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/16/2017 06:26:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 10:44:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 10:01:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 09:04:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
a APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 07:58:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 07:58:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/15/2017 07:58:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba CDPUserSvc_2e739 byla ukončena s následující chybou:
Nespecifikovaná chyba


CodeIntegrity:
===================================
Date: 2017-02-15 19:44:39.091
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 17:55:19.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 16:06:06.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:44:19.485
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:43:08.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 14:42:11.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:31.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\lqjippcrdamlpyo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.860
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-15 13:10:30.781
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Marťas\AppData\Local\Temp\bk6A1.tmp\stwzbnkdpdfvyp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 38%
Total physical RAM: 3977.98 MB
Available physical RAM: 2429.22 MB
Total Virtual: 4681.98 MB
Available Virtual: 2580.94 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:449.63 GB) (Free:367.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 042A475B)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Vir po stažení programu na snímaní plochy

Napsal: 16 úno 2017 18:40
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION
Task: {2606F025-A048-4A83-9287-83B63090DFD1} - System32\Tasks\psv_S-it => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Trioflex.reg" & del "C:\ProgramData\Ronzap\Trioflex.reg" & SCHTASKS /Delete /TN "psv_S-it" /F <==== ATTENTION
Task: {8251CAD0-20A2-4770-A0F5-59C63329B24A} - System32\Tasks\psv_Unilax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Volt-Dex.reg" & del "C:\ProgramData\Ronzap\Volt-Dex.reg" & SCHTASKS /Delete /TN "psv_Unilax" /F <==== ATTENTION
Task: {9D41798C-EF5E-421C-B8A0-64DDA3841A78} - System32\Tasks\psv_Dentola => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\SoftKeytouch.reg" & del "C:\ProgramData\Ronzap\SoftKeytouch.reg" & SCHTASKS /Delete /TN "psv_Dentola" /F <==== ATTENTION
Task: {A06BDBB7-C19F-46CF-8F95-4694D7430CE3} - System32\Tasks\psv_Zaamtax => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Xxx-eco.reg" & del "C:\ProgramData\Ronzap\Xxx-eco.reg" & SCHTASKS /Delete /TN "psv_Zaamtax" /F <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [371912]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1213218]
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\...\Run: [MyComGames] => C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe [5013392 2017-02-14] (MY.COM B.V.) <===== ATTENTION
ShellExecuteHooks: No Name - {8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} - C:\Users\Marťas\AppData\Roaming\Grjelyckojule\Coosak.dll -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... JzhF3kt&q={searchTerms}
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%73%6E%61%70%64%6F ... 0FA8kWLIom
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1626131941-1098701557-2232362238-1001 -> DefaultScope {ielnksrch} URL =
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=0193a36a0277fe ... UH&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=0193a36a0277feb42dd07 ... UH&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}& ... UH&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-16] <==== ATTENTION
S2 serverss; C:\WINDOWS\Temp\E12D.tmp [X]
C:\WINDOWS\LastGood.Tmp
C:\Program Files\qs4j0wbq
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\ProgramData\DP45977C.lfl
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe
C:\Users\Marťas\AppData\Local\Temp

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Vir po stažení programu na snímaní plochy

Napsal: 16 úno 2017 19:58
od Volny256
Log

EmptyTemp:
End
*****************

SnapDo (HKLM-x32\...\{525A3CDD-2E1E-455A-AC13-6451B14AD793}) (Version: 1.0.0.0 - Resoft) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2606F025-A048-4A83-9287-83B63090DFD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2606F025-A048-4A83-9287-83B63090DFD1} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_S-it => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_S-it => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8251CAD0-20A2-4770-A0F5-59C63329B24A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8251CAD0-20A2-4770-A0F5-59C63329B24A} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Unilax => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Unilax => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D41798C-EF5E-421C-B8A0-64DDA3841A78} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D41798C-EF5E-421C-B8A0-64DDA3841A78} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Dentola => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Dentola => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06BDBB7-C19F-46CF-8F95-4694D7430CE3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06BDBB7-C19F-46CF-8F95-4694D7430CE3} => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Zaamtax => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Zaamtax => key removed successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x64" ADS removed successfully.
C:\WINDOWS\system32\drivers => ":x86" ADS removed successfully.
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MyComGames => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} => value removed successfully
HKCR\CLSID\{8A2A2C62-EEB8-11E6-9AB6-64006A5CFC23} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1626131941-1098701557-2232362238-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Marťas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\serverss => key removed successfully
serverss => service removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\Program Files\qs4j0wbq => moved successfully
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Marťas\AppData\Local\MyComGames\MyComGames.exe => moved successfully

"C:\Users\Marťas\AppData\Local\Temp" folder move:

Could not move "C:\Users\Marťas\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 39624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34085511 B
Java, Flash, Steam htmlcache => 736 B
Windows/system/drivers => 68630458 B
Edge => 71432471 B
Chrome => 0 B
Firefox => 107636056 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 794 B
NetworkService => 0 B
defaultuser0 => 7296 B
Marťas => 1260544527 B

RecycleBin => 24368595 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-02-2017 19:55:33)

C:\Users\Marťas\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:55:36 ====

Re: Vir po stažení programu na snímaní plochy

Napsal: 16 úno 2017 20:01
od Rudy
Smazáno. Nastala nějaká změna?

Re: Vir po stažení programu na snímaní plochy

Napsal: 16 úno 2017 21:14
od Volny256
Vše je už v pohodě, děkuji za pomoc.

Re: Vir po stažení programu na snímaní plochy

Napsal: 16 úno 2017 21:16
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz