We'll find something here too

#1 Post by Alonzop »

Greetings to everyone, and to the others too. Especially Guru Rudy :)

ADW found 11 of something, so the time has come for checks, if you would be so kind.

Hijack:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Allonzo (administrator) on X-COM (26-02-2017 10:29:37)
Running from C:\Users\Allonzo\Desktop
Loaded Profiles: Allonzo (Available Profiles: Allonzo)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Users\Allonzo\Desktop\adwcleaner_6.043.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Allonzo\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-21] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2823601367-1896843323-1796517690-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-01-24]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4a6f79e5-8da6-4451-a1e2-181d078a6556}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9a8ca0e5-5e36-4865-8644-400ce9f0a8bd}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2823601367-1896843323-1796517690-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Allonzo\AppData\Roaming\TomTom\HOME\Profiles\bovmmkmh.default [2016-10-26]
FF Extension: (No Name) - C:\Users\Allonzo\Desktop\gps home\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961 [2017-02-26]
FF Extension: (WhatsApp™ Messenger) - C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961\Extensions\rt42fsdty645jIidD@jetpack.xpi [2016-10-30]
FF Extension: (uBlock Origin) - C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961\features\{661de6aa-cc76-4ee3-988e-dd2ec2474b3b}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-31] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-31] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-02] (Disc Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-31] (REALiX(tm))
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [4767504 2016-02-15] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 EverestDriver; \??\C:\Users\Allonzo\AppData\Local\Temp\EverestDriver.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 10:29 - 2017-02-26 10:29 - 00015327 _____ C:\Users\Allonzo\Desktop\LM.bat
2017-02-26 10:29 - 2017-02-26 10:29 - 00011152 _____ C:\Users\Allonzo\Desktop\FRST.txt
2017-02-26 10:14 - 2017-02-26 10:29 - 00029696 _____ C:\Users\Allonzo\AppData\Local\MSGBOX.EXE
2017-02-26 10:14 - 2017-02-26 10:14 - 00008010 _____ C:\Users\Allonzo\Desktop\Addition.rar
2017-02-26 10:10 - 2017-02-26 10:10 - 00112640 _____ (forum.viry.cz) C:\Users\Allonzo\Desktop\FRSTLauncher.exe
2017-02-26 10:04 - 2017-02-26 10:04 - 00002376 _____ C:\Users\Allonzo\Desktop\AdwCleaner[S6].txt
2017-02-26 09:58 - 2017-02-26 09:58 - 02903480 _____ C:\Users\Allonzo\Desktop\notepad_7.3.2.exe
2017-02-26 09:54 - 2017-02-26 09:55 - 55566792 _____ (Malwarebytes ) C:\Users\Allonzo\Desktop\mb3-setup-adwc.adwc100.3.0.6.1469.exe
2017-02-26 09:53 - 2017-02-26 09:53 - 04015056 _____ C:\Users\Allonzo\Desktop\adwcleaner_6.043.exe
2017-02-24 18:50 - 2017-02-24 18:50 - 00000585 _____ C:\Users\Allonzo\Desktop\µTorrent.lnk
2017-02-24 18:50 - 2017-02-24 18:50 - 00000000 ____D C:\Users\Allonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-02-24 18:49 - 2017-02-24 18:49 - 02168712 _____ (emc) C:\Users\Allonzo\Downloads\uTorrent221(1).exe
2017-02-24 18:40 - 2017-02-24 18:41 - 00000000 _____ C:\Users\Allonzo\Downloads\uTorrent221.exe
2017-02-24 18:36 - 2017-02-24 18:36 - 00009051 _____ C:\Users\Allonzo\Downloads\[CzT]Urob_Si_Sam_Zahrada_01_2017_SK_.torrent
2017-02-24 18:21 - 2017-02-26 02:36 - 00000000 ____D C:\Users\Allonzo\Desktop\luck III
2017-02-24 18:20 - 2017-02-24 23:46 - 00000000 ____D C:\Users\Allonzo\Desktop\non-compl
2017-02-24 18:07 - 2017-02-24 18:38 - 00000000 ____D C:\Users\Allonzo\AppData\Roaming\uTorrent
2017-02-17 17:37 - 2017-02-26 04:45 - 00000955 _____ C:\Users\Allonzo\Desktop\music – zástupce.lnk
2017-02-06 20:24 - 2017-02-26 09:48 - 00035328 _____ C:\Users\Allonzo\Desktop\únor.xls
2017-02-04 18:08 - 2017-02-04 18:08 - 00000000 ____D C:\WINDOWS\system32\6f7413a12ea79bc2e1bf91..bin
2017-01-27 12:21 - 2017-02-15 14:39 - 00000000 ____D C:\Users\Allonzo\Documents\Duels of the Planeswalkers Dumps
2017-01-27 07:26 - 2017-01-27 07:28 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 07:23 - 2017-01-27 07:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-01-27 07:22 - 2017-01-27 07:22 - 00000000 ____D C:\Program Files\ATI Technologies

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 10:29 - 2016-11-19 02:44 - 00000000 ____D C:\Users\Allonzo\AppData\LocalLow\Mozilla
2017-02-26 10:29 - 2016-08-10 13:41 - 00000000 ____D C:\FRST
2017-02-26 10:06 - 2017-01-13 11:24 - 02423296 _____ (Farbar) C:\Users\Allonzo\Desktop\FRST64.exe
2017-02-26 10:01 - 2016-08-10 20:16 - 00000000 ____D C:\AdwCleaner
2017-02-26 09:49 - 2016-12-27 07:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-26 09:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-26 09:49 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-26 09:24 - 2016-09-21 22:54 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-26 04:08 - 2017-01-13 14:59 - 00005196 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for X-COM-Allonzo X-com
2017-02-25 23:07 - 2016-09-21 23:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-25 23:06 - 2016-09-21 23:00 - 00000000 ____D C:\Users\Allonzo
2017-02-25 23:06 - 2016-09-21 22:56 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-25 23:06 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 20:16 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 20:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 18:57 - 2016-12-30 17:28 - 00000000 ____D C:\Users\Allonzo\Desktop\luck
2017-02-25 04:14 - 2016-07-31 10:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-25 04:10 - 2016-07-31 10:35 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 18:53 - 2017-01-11 04:40 - 00000000 ____D C:\zaloha
2017-02-24 18:10 - 2017-01-19 14:02 - 00000000 ____D C:\Users\Allonzo\Desktop\luck II
2017-02-24 17:32 - 2016-11-01 05:27 - 00000468 _____ C:\Users\Allonzo\Desktop\Aut.txt
2017-02-23 05:07 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 18:08 - 2016-07-31 08:18 - 00000000 ____D C:\Users\Allonzo\AppData\Local\Packages
2017-02-19 00:38 - 2016-08-01 04:55 - 00000000 ____D C:\Program Files\Rockstar Games
2017-02-19 00:38 - 2016-08-01 04:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-02-16 05:19 - 2016-07-31 17:56 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 07:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 07:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-12 00:20 - 2016-09-09 05:50 - 00000000 ____D C:\Users\Allonzo\AppData\Local\Battle.net
2017-02-10 16:50 - 2016-08-22 00:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-06 20:48 - 2017-01-11 04:18 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2017-01-11 04:18 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-01 10:26 - 2016-08-02 20:12 - 00000000 ____D C:\Program Files\KMSpico
2017-01-30 18:50 - 2016-11-17 21:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-30 18:50 - 2016-08-17 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-30 18:46 - 2016-07-31 10:59 - 00000000 ____D C:\ProgramData\AMD
2017-01-27 07:28 - 2016-07-31 08:20 - 00002397 _____ C:\Users\Allonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 07:28 - 2016-07-31 08:20 - 00000000 ___RD C:\Users\Allonzo\OneDrive

==================== Files in the root of some directories =======

2016-07-31 17:46 - 2016-07-31 17:46 - 7129600 _____ () C:\Users\Allonzo\AppData\Roaming\agent.dat
2016-07-31 17:46 - 2016-07-31 17:46 - 0067968 _____ () C:\Users\Allonzo\AppData\Roaming\Config.xml
2016-07-31 17:46 - 2016-07-31 17:46 - 0014400 _____ () C:\Users\Allonzo\AppData\Roaming\InstallationConfiguration.xml
2016-07-31 17:46 - 2016-07-31 17:46 - 0129024 _____ () C:\Users\Allonzo\AppData\Roaming\Installer.dat
2016-07-31 17:46 - 2016-07-31 17:46 - 0018432 _____ () C:\Users\Allonzo\AppData\Roaming\Main.dat
2016-07-31 17:46 - 2016-07-31 17:46 - 0005568 _____ () C:\Users\Allonzo\AppData\Roaming\md.xml
2016-07-31 17:46 - 2016-07-31 17:46 - 0126464 _____ () C:\Users\Allonzo\AppData\Roaming\noah.dat
2016-07-31 17:46 - 2016-07-31 17:46 - 2279413 _____ () C:\Users\Allonzo\AppData\Roaming\Quad-Bam.bin
2016-07-31 17:46 - 2016-07-31 17:46 - 0032038 _____ () C:\Users\Allonzo\AppData\Roaming\uninstall_temp.ico
2016-07-31 17:46 - 2016-07-31 17:46 - 0681984 _____ () C:\Users\Allonzo\AppData\Roaming\Voltcom.exe
2016-07-31 17:46 - 2016-07-31 17:46 - 1904376 _____ () C:\Users\Allonzo\AppData\Roaming\Voltcom.tst
2017-02-26 10:14 - 2017-02-26 10:29 - 0029696 _____ () C:\Users\Allonzo\AppData\Local\MSGBOX.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 00:27

==================== End of FRST.txt ============================
Addition.rar
(7.89 KiB) Downloaded 86 times

#2 Post by Alonzop »

ADW (I didn't delete anything), 11 threats:
# AdwCleaner v6.043 - Logfile created 26/02/2017 at 10:01:24
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Allonzo - X-COM
# Running from : C:\Users\Allonzo\Desktop\adwcleaner_6.043.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found: C:\Users\Allonzo\AppData\Roaming\md.xml
File Found: C:\Users\Allonzo\AppData\Roaming\Config.xml
File Found: C:\Users\Allonzo\AppData\Roaming\noah.dat
File Found: C:\Users\Allonzo\AppData\Roaming\Installer.dat
File Found: C:\Users\Allonzo\AppData\Roaming\InstallationConfiguration.xml
File Found: C:\Users\Allonzo\AppData\Roaming\Main.dat
File Found: C:\Users\Allonzo\AppData\Roaming\agent.dat
File Found: C:\Users\Allonzo\AppData\Roaming\uninstall_temp.ico


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-2823601367-1896843323-1796517690-1001\Software\Conduit
Key Found: HKCU\Software\Conduit
Key Found: [x64] HKCU\Software\Conduit


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4310 Bytes] - [10/08/2016 20:17:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [1401 Bytes] - [28/08/2016 07:05:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [1632 Bytes] - [13/01/2017 14:56:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1599 Bytes] - [23/01/2017 07:20:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [8412 Bytes] - [10/08/2016 20:16:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [1490 Bytes] - [28/08/2016 07:05:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [1741 Bytes] - [13/01/2017 14:53:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [1693 Bytes] - [23/01/2017 07:20:01]
C:\AdwCleaner\AdwCleaner[S5].txt - [1719 Bytes] - [23/01/2017 07:28:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2220 Bytes] - [26/02/2017 10:01:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2293 Bytes] ##########

#3 Post by Rudy »

Greetings!
Thanks for your trust. ADW did not delete anything, however; you did not click on cleaning. Try once more and post a new FRST log.

#4 Post by Alonzop »

ADW after deletion and restart:
# AdwCleaner v6.043 - Logfile created 26/02/2017 at 11:50:57
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Allonzo - X-COM
# Running from : C:\Users\Allonzo\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\Allonzo\AppData\Roaming\md.xml
[-] File deleted: C:\Users\Allonzo\AppData\Roaming\Config.xml
[-] File deleted: C:\Users\Allonzo\AppData\Roaming\noah.dat
[-] File deleted: C:\Users\Allonzo\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\Allonzo\AppData\Roaming\InstallationConfiguration.xml
[-] File deleted: C:\Users\Allonzo\AppData\Roaming\Main.dat
[-] File deleted: C:\Users\Allonzo\AppData\Roaming\agent.dat
[-] File deleted: C:\Users\Allonzo\AppData\Roaming\uninstall_temp.ico


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2823601367-1896843323-1796517690-1001\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4310 Bytes] - [10/08/2016 20:17:46]
C:\AdwCleaner\AdwCleaner[C2].txt - [1401 Bytes] - [28/08/2016 07:05:57]
C:\AdwCleaner\AdwCleaner[C3].txt - [1632 Bytes] - [13/01/2017 14:56:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1599 Bytes] - [23/01/2017 07:20:47]
C:\AdwCleaner\AdwCleaner[C5].txt - [1755 Bytes] - [26/02/2017 11:50:57]
C:\AdwCleaner\AdwCleaner[S1].txt - [8412 Bytes] - [10/08/2016 20:16:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [1490 Bytes] - [28/08/2016 07:05:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [1741 Bytes] - [13/01/2017 14:53:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [1693 Bytes] - [23/01/2017 07:20:01]
C:\AdwCleaner\AdwCleaner[S5].txt - [1719 Bytes] - [23/01/2017 07:28:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2376 Bytes] - [26/02/2017 10:01:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2266 Bytes] ##########

#5 Post by Alonzop »

After the restart:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Allonzo (administrator) on X-COM (26-02-2017 11:57:06)
Running from C:\Users\Allonzo\Desktop
Loaded Profiles: Allonzo (Available Profiles: Allonzo)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(forum.viry.cz) C:\Users\Allonzo\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-21] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2823601367-1896843323-1796517690-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-01-24]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4a6f79e5-8da6-4451-a1e2-181d078a6556}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9a8ca0e5-5e36-4865-8644-400ce9f0a8bd}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2823601367-1896843323-1796517690-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Allonzo\AppData\Roaming\TomTom\HOME\Profiles\bovmmkmh.default [2016-10-26]
FF Extension: (No Name) - C:\Users\Allonzo\Desktop\gps home\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961 [2017-02-26]
FF Extension: (WhatsApp™ Messenger) - C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961\Extensions\rt42fsdty645jIidD@jetpack.xpi [2016-10-30]
FF Extension: (uBlock Origin) - C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Allonzo\AppData\Roaming\Mozilla\Firefox\Profiles\eotr3wyy.default-1477319689961\features\{661de6aa-cc76-4ee3-988e-dd2ec2474b3b}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-31] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-31] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-08-02] (Disc Soft Ltd)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-31] (REALiX(tm))
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [4767504 2016-02-15] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 EverestDriver; \??\C:\Users\Allonzo\AppData\Local\Temp\EverestDriver.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 11:57 - 2017-02-26 11:58 - 00011331 _____ C:\Users\Allonzo\Desktop\FRST.txt
2017-02-26 10:40 - 2017-02-26 10:40 - 00008075 _____ C:\Users\Allonzo\Desktop\Addition.rar
2017-02-26 10:10 - 2017-02-26 10:10 - 00112640 _____ (forum.viry.cz) C:\Users\Allonzo\Desktop\FRSTLauncher.exe
2017-02-26 10:04 - 2017-02-26 10:04 - 00002376 _____ C:\Users\Allonzo\Desktop\AdwCleaner[S6].txt
2017-02-26 09:58 - 2017-02-26 09:58 - 02903480 _____ C:\Users\Allonzo\Desktop\notepad_7.3.2.exe
2017-02-26 09:54 - 2017-02-26 09:55 - 55566792 _____ (Malwarebytes ) C:\Users\Allonzo\Desktop\mb3-setup-adwc.adwc100.3.0.6.1469.exe
2017-02-26 09:53 - 2017-02-26 09:53 - 04015056 _____ C:\Users\Allonzo\Desktop\adwcleaner_6.043.exe
2017-02-24 18:50 - 2017-02-24 18:50 - 00000585 _____ C:\Users\Allonzo\Desktop\µTorrent.lnk
2017-02-24 18:50 - 2017-02-24 18:50 - 00000000 ____D C:\Users\Allonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2017-02-24 18:49 - 2017-02-24 18:49 - 02168712 _____ (emc) C:\Users\Allonzo\Downloads\uTorrent221(1).exe
2017-02-24 18:40 - 2017-02-24 18:41 - 00000000 _____ C:\Users\Allonzo\Downloads\uTorrent221.exe
2017-02-24 18:36 - 2017-02-24 18:36 - 00009051 _____ C:\Users\Allonzo\Downloads\[CzT]Urob_Si_Sam_Zahrada_01_2017_SK_.torrent
2017-02-24 18:21 - 2017-02-26 02:36 - 00000000 ____D C:\Users\Allonzo\Desktop\luck III
2017-02-24 18:20 - 2017-02-24 23:46 - 00000000 ____D C:\Users\Allonzo\Desktop\non-compl
2017-02-24 18:07 - 2017-02-24 18:38 - 00000000 ____D C:\Users\Allonzo\AppData\Roaming\uTorrent
2017-02-17 17:37 - 2017-02-26 04:45 - 00000955 _____ C:\Users\Allonzo\Desktop\music – zástupce.lnk
2017-02-06 20:24 - 2017-02-26 09:48 - 00035328 _____ C:\Users\Allonzo\Desktop\únor.xls
2017-02-04 18:08 - 2017-02-04 18:08 - 00000000 ____D C:\WINDOWS\system32\6f7413a12ea79bc2e1bf91..bin
2017-01-27 12:21 - 2017-02-15 14:39 - 00000000 ____D C:\Users\Allonzo\Documents\Duels of the Planeswalkers Dumps
2017-01-27 07:26 - 2017-01-27 07:28 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 07:23 - 2017-01-27 07:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-01-27 07:22 - 2017-01-27 07:22 - 00000000 ____D C:\Program Files\ATI Technologies

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 11:57 - 2016-08-10 13:41 - 00000000 ____D C:\FRST
2017-02-26 11:56 - 2016-11-19 02:44 - 00000000 ____D C:\Users\Allonzo\AppData\LocalLow\Mozilla
2017-02-26 11:53 - 2017-01-13 14:59 - 00005196 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for X-COM-Allonzo X-com
2017-02-26 11:51 - 2016-09-21 23:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-26 11:51 - 2016-09-21 23:00 - 00000000 ____D C:\Users\Allonzo
2017-02-26 11:51 - 2016-09-21 22:56 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-26 11:51 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-26 11:51 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-26 11:50 - 2016-08-10 20:16 - 00000000 ____D C:\AdwCleaner
2017-02-26 11:47 - 2016-09-21 22:54 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-26 10:06 - 2017-01-13 11:24 - 02423296 _____ (Farbar) C:\Users\Allonzo\Desktop\FRST64.exe
2017-02-26 09:49 - 2016-12-27 07:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-26 09:49 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-25 20:16 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 20:16 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 18:57 - 2016-12-30 17:28 - 00000000 ____D C:\Users\Allonzo\Desktop\luck
2017-02-25 04:14 - 2016-07-31 10:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-25 04:10 - 2016-07-31 10:35 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 18:53 - 2017-01-11 04:40 - 00000000 ____D C:\zaloha
2017-02-24 18:10 - 2017-01-19 14:02 - 00000000 ____D C:\Users\Allonzo\Desktop\luck II
2017-02-24 17:32 - 2016-11-01 05:27 - 00000468 _____ C:\Users\Allonzo\Desktop\Aut.txt
2017-02-23 05:07 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 18:08 - 2016-07-31 08:18 - 00000000 ____D C:\Users\Allonzo\AppData\Local\Packages
2017-02-19 00:38 - 2016-08-01 04:55 - 00000000 ____D C:\Program Files\Rockstar Games
2017-02-19 00:38 - 2016-08-01 04:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-02-16 05:19 - 2016-07-31 17:56 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 07:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 07:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-12 00:20 - 2016-09-09 05:50 - 00000000 ____D C:\Users\Allonzo\AppData\Local\Battle.net
2017-02-10 16:50 - 2016-08-22 00:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-06 20:48 - 2017-01-11 04:18 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2017-01-11 04:18 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-01 10:26 - 2016-08-02 20:12 - 00000000 ____D C:\Program Files\KMSpico
2017-01-30 18:50 - 2016-11-17 21:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-30 18:50 - 2016-08-17 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-30 18:46 - 2016-07-31 10:59 - 00000000 ____D C:\ProgramData\AMD
2017-01-27 07:28 - 2016-07-31 08:20 - 00002397 _____ C:\Users\Allonzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 07:28 - 2016-07-31 08:20 - 00000000 ___RD C:\Users\Allonzo\OneDrive

==================== Files in the root of some directories =======

2016-07-31 17:46 - 2016-07-31 17:46 - 2279413 _____ () C:\Users\Allonzo\AppData\Roaming\Quad-Bam.bin
2016-07-31 17:46 - 2016-07-31 17:46 - 0681984 _____ () C:\Users\Allonzo\AppData\Roaming\Voltcom.exe
2016-07-31 17:46 - 2016-07-31 17:46 - 1904376 _____ () C:\Users\Allonzo\AppData\Roaming\Voltcom.tst

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Allonzo:Heroes & Generals [38]

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Allonzo\Desktop" je 95668 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]


==================== End Of Log ==============================
Addition.rar
(7.93 KiB) Downloaded 87 times

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: We'll find something here too

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
FF Extension: (No Name) - C:\Users\Allonzo\Desktop\gps home\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
AlternateDataStreams: C:\Users\Allonzo:Heroes & Generals [38]
SafeFinder (HKLM-x32\...\{5AAF01F5-8828-46FA-8C9C-8A93E48C7436}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\Allonzo\Desktop" je 95668 MB.
That is too much and may slow down system startup. In C:\Users\Allonzo, create a new folder and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Alonzop
Visitor
Posts: 85
Registered: 27 Jul 2006 10:54
Location: Czech Rep. - Brno

Re: We'll find something here too

#7 Post by Alonzop »

I was just moving it; I noticed that too.

SafeFinder held out:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Allonzo (26-02-2017 13:23:35) Run:2
Running from C:\Users\Allonzo\Desktop
Loaded Profiles: Allonzo (Available Profiles: Allonzo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
FF Extension: (No Name) - C:\Users\Allonzo\Desktop\gps home\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
AlternateDataStreams: C:\Users\Allonzo:Heroes & Generals [38]
SafeFinder (HKLM-x32\...\{5AAF01F5-8828-46FA-8C9C-8A93E48C7436}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION

EmptyTemp:
End
*****************

C:\Users\Allonzo\Desktop\gps home\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com => path removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0 => key removed successfully
C:\Users\Allonzo => ":Heroes & Generals" ADS removed successfully.
SafeFinder (HKLM-x32\...\{5AAF01F5-8828-46FA-8C9C-8A93E48C7436}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 591840 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39376116 B
Java, Flash, Steam htmlcache => 479439870 B
Windows/system/drivers => 5678 B
Edge => 2073 B
Chrome => 0 B
Firefox => 32455924 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1058 B
Allonzo => 5630990 B

RecycleBin => 2460411 B
EmptyTemp: => 534 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:23:43 ====

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: We'll find something here too

#8 Post by Rudy »

Deleted. The log should now be OK.

Alonzop
Visitor
Posts: 85
Registered: 27 Jul 2006 10:54
Location: Czech Rep. - Brno

Re: We'll find something here too

#9 Post by Alonzop »

Flawless, fast and effective... as always, after all. I'm glad you're here.

May I ask about the recommended protection (or resident shield)? How does McAfee stand? Keep / replace?

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: We'll find something here too

#10 Post by Rudy »

McAfee is a decent AV. If you don't mind that it is paid, keep it.

Alonzop
Visitor
Posts: 85
Registered: 27 Jul 2006 10:54
Location: Czech Rep. - Brno

Re: We'll find something here too

#11 Post by Alonzop »

All right then, thank you, Master.

Have a nice rest of the evening.

:closed:

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: We'll find something here too

#12 Post by Rudy »

Hardly a master. :D You're welcome, and have a nice day! :)