
I'm afraid the notebook is infected with a virus.

Posted: 30 Mar 2017 17:56
by Sun_Li
Hello,

I'm asking for help. I have a working NOD32, which found nothing, and the Windows firewall is turned on.
When the notebook is not on the internet, its speed is normal; as soon as I connect, it starts freezing and communicates quite actively with these addresses:

103.5.140.18:53
http://www.ipgeek.co/103.5.140.18
103.5.140.11:67

Running RSIT ended with an error, so I'm posting the log from DDS; hopefully that will be enough.
Thank you very much for your help.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17689
Run by maimai at 18:39:11 on 2017-03-30
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.201 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 10.0.390.0 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
SP: ESET NOD32 Antivirus 10.0.390.0 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\windows\system32\crypserv.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\processexplorer\procexp.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\SeaMonkey\seamonkey.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\wakan\wakan.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\procex~1.lnk - c:\program files\processexplorer\procexp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalc~1.lnk - c:\program files\totalcmd\TOTALCMD.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 103.5.140.18 103.5.140.19
TCP: Interfaces\{61A0E461-29CD-460E-947A-510EC7882C39} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27} : DHCPNameServer = 103.5.140.18 103.5.140.19
TCP: Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}\072776E2165627F6D266275656 : DHCPNameServer = 193.179.211.28 80.188.91.29
TCP: Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}\2457666616C6F6D274D293146303 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}\25F4F4D4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}\35753513461697 : DHCPNameServer = 101.110.25.155 101.110.10.155
TCP: Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}\4595E435B41402C4944502B414651425E414 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}\E264255454F57596D26496F50514353505F42545 : DHCPNameServer = 101.110.25.155 101.110.10.155
TCP: Interfaces\{CFF24251-2894-4565-A5C7-4592B7A9FBF8} : NameServer = 217.77.165.81 217.77.161.131
TCP: Interfaces\{CFF24251-2894-4565-A5C7-4592B7A9FBF8} : DHCPNameServer = 217.77.165.81 217.77.161.131
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-6-28 11520]
.
=============== Created Last 30 ================
.
2017-03-30 16:20:08 -------- d-----w- c:\program files\trend micro
.
==================== Find3M ====================
.
2017-03-27 20:20:59 62528 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2017-03-27 20:20:59 140984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2017-03-27 20:20:58 113544 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
============= FINISH: 18:43:36.14 ===============

Re: I'm afraid the notebook is infected with a virus.

Posted: 30 Mar 2017 18:07
by Sun_Li
P.S.
I can't download FRSTLauncher; when I try to download it, I get a page along the lines of:

your internet provider informs you that by attempting to download xxx.exe you are violating the rules; if you have any questions, contact us.

Re: I'm afraid the notebook is infected with a virus.

Posted: 30 Mar 2017 18:08
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: I'm afraid the notebook is infected with a virus.

Posted: 30 Mar 2017 18:30
by Sun_Li
Thank you.
Run, deleted; after the PC restarted the log came up:
(P.S. I may stop responding; it's 02:30 local time here, I'm half dead and have to get up in the morning, so I may not get online until the evening.)


# AdwCleaner v6.045 - Logfile created 30/03/2017 at 19:21:29
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-30.1 [Server]
# Operating System : Windows 7 Starter Service Pack 1 (X86)
# Username : maimai - MAIMAI_PC
# Running from : C:\Users\maimai\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key deleted: HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1051 Bytes] - [30/03/2017 19:21:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [1380 Bytes] - [30/03/2017 19:20:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1197 Bytes] ##########

Re: I'm afraid the notebook is infected with a virus.

Posted: 30 Mar 2017 19:03
by Rudy
Now post the FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . If the Launcher doesn't work, the regular FRST is enough.

Re: I'm afraid the notebook is infected with a virus.

Posted: 30 Mar 2017 19:32
by Sun_Li
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by maimai (administrator) on MAIMAI_PC (30-03-2017 20:24:13)
Running from C:\Users\maimai\Desktop
Loaded Profiles: maimai (Available Profiles: maimai & renata)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Windows\System32\AsusService.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sysinternals - www.sysinternals.com) C:\Program Files\processexplorer\procexp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(mozilla.org) C:\Program Files\SeaMonkey\seamonkey.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-03-30] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-06-28] (ASUSTek Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-04-13] (Synaptics Incorporated)
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6775512 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {5ba0fc6a-8ebf-11e1-a27a-bcaec503cbdc} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {5ba0fcf9-8ebf-11e1-a27a-bcaec503cbdc} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {74700f4e-a62f-11e1-bb10-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {74700f64-a62f-11e1-bb10-bcaec503cbdc} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {aa15f80f-a631-11e1-a070-bcaec503cbdc} - E:\setup_vmb_lite.exe /checkApplicationPresence
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp - Shortcut.lnk [2012-02-01]
ShortcutTarget: procexp - Shortcut.lnk -> C:\Program Files\processexplorer\procexp.exe (Sysinternals - www.sysinternals.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TOTALCMD - Shortcut.lnk [2012-02-01]
ShortcutTarget: TOTALCMD - Shortcut.lnk -> C:\Program Files\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 103.5.140.18 103.5.140.19
Tcpip\..\Interfaces\{61A0E461-29CD-460E-947A-510EC7882C39}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}: [DhcpNameServer] 103.5.140.18 103.5.140.19
Tcpip\..\Interfaces\{CFF24251-2894-4565-A5C7-4592B7A9FBF8}: [NameServer] 217.77.165.81 217.77.161.131
Tcpip\..\Interfaces\{CFF24251-2894-4565-A5C7-4592B7A9FBF8}: [DhcpNameServer] 217.77.165.81 217.77.161.131

Internet Explorer:
==================
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-4275557178-1437537661-1358321331-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-4275557178-1437537661-1358321331-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default [2017-03-30]
FF Homepage: Mozilla\SeaMonkey\Profiles\hhmofm1h.default -> hxxp://www.google.com/ncr
FF Extension: (DOM Inspector) - C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default\Extensions\inspector@mozilla.org [2016-07-01]
FF Extension: (ChatZilla) - C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-11-15]
FF Extension: (JavaScript Debugger) - C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-07-01]
FF ProfilePath: C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default [2013-07-07]
FF Extension: (CSS Stylesheet Editor) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\csseditor@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (EyeDropper) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\eyedropper@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (FontSquirrel Manager) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\fs@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Fullscreen) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\fullscreen@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Google Font Directory Manager) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\gfd@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-cs@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-de@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Suomenkielinen (FI) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-fi@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Français Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-fr@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-gl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-he@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-hu@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-it@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-ja@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-ko@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-nl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-pl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-sl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-sr@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (MathML) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\mathml@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Opquast Accessibility First Step) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\op1@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Snippets) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\snippets@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (SVG-edit) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\svg-edit@googlegroups.com.xpi [2013-06-09] [not signed]
FF Extension: (Table Layouts) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\tablelayout@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (One-click Templates) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\templatesManager@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Thumbnailer) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\thumbnailer@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Tip of the Day) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\tipoftheday@bluegriffon.com.xpi [2013-06-09] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R2 cpextender; C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [368272 2015-10-19] (Check Point Software Technologies)
R2 Crypkey License; C:\windows\SYSTEM32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2241992 2017-03-27] (ESET)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [495616 2010-03-25] (Locktime Software) [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-11] (DT Soft Ltd)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [113544 2017-03-27] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [140984 2017-03-27] (ESET)
R1 epfwwfpr; C:\windows\System32\DRIVERS\epfwwfpr.sys [62528 2017-03-27] (ESET)
S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-07-12] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-07-12] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [182272 2011-07-12] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\windows\System32\DRIVERS\ewusbfake.sys [100736 2009-07-23] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2010-04-13] ( )
R1 NetworkX; C:\windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R1 nltdi; C:\windows\system32\drivers\nltdi.sys [82360 2010-03-25] (Locktime Software) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [428088 2012-01-11] () [File not signed]
R3 VNA; C:\windows\System32\DRIVERS\vna.sys [129304 2015-10-19] (Check Point Software Technologies)
S3 vpnva; C:\windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
U3 aoua1g4e; C:\windows\system32\Drivers\aoua1g4e.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X]
S3 ESETCleanersDriver; \??\C:\windows\system32\Drivers\ESETCleanersDriver.sys [X]
S3 PROCEXP151; \??\C:\windows\system32\Drivers\PROCEXP151.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 20:24 - 2017-03-30 20:26 - 00019808 _____ C:\Users\maimai\Desktop\FRST.txt
2017-03-30 20:23 - 2017-03-30 20:24 - 00000000 ____D C:\FRST
2017-03-30 19:14 - 2017-03-30 19:21 - 00000000 ____D C:\AdwCleaner
2017-03-30 19:11 - 2017-03-30 19:11 - 04089296 _____ C:\Users\maimai\Desktop\adwcleaner_6.045.exe
2017-03-30 19:03 - 2017-03-30 19:03 - 01766912 _____ (Farbar) C:\Users\maimai\Desktop\FRST.exe
2017-03-30 18:44 - 2017-03-30 18:44 - 00007775 _____ C:\Users\maimai\Desktop\attach.txt
2017-03-30 18:44 - 2017-03-30 18:43 - 00007372 _____ C:\Users\maimai\Desktop\dds.txt
2017-03-30 18:37 - 2017-03-30 18:37 - 00688992 ____R (Swearware) C:\Users\maimai\Desktop\dds.exe
2017-03-30 18:20 - 2017-03-30 18:31 - 00000000 ____D C:\Program Files\trend micro
2017-03-30 18:20 - 2017-03-30 18:20 - 00000000 ____D C:\rsit
2017-03-30 18:18 - 2017-03-30 18:18 - 01206272 _____ C:\Users\maimai\Desktop\RSIT.exe
2017-03-30 13:57 - 2017-03-30 13:57 - 00003288 ____N C:\bootsqm.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 19:42 - 2014-04-26 10:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-03-30 19:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 19:30 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 19:23 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-30 17:36 - 2009-07-25 09:50 - 00893478 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-30 17:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\inf
2017-03-27 22:20 - 2015-07-14 15:29 - 00140984 _____ (ESET) C:\windows\system32\Drivers\ehdrv.sys
2017-03-27 22:20 - 2015-07-14 15:29 - 00113544 _____ (ESET) C:\windows\system32\Drivers\eamonm.sys
2017-03-27 22:20 - 2015-07-14 15:29 - 00062528 _____ (ESET) C:\windows\system32\Drivers\epfwwfpr.sys

==================== Files in the root of some directories =======

2014-07-26 05:13 - 2014-07-26 05:14 - 0005632 _____ () C:\Users\maimai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-29 20:11 - 2016-09-26 17:01 - 0001832 _____ () C:\Users\maimai\AppData\Local\SLC_maimai.prx
2011-07-10 15:56 - 2011-07-10 15:56 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2010-06-28 19:18 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-09 16:47

==================== End of FRST.txt ============================

Re: I'm afraid I have an infected notebook.

Posted: 30 Mar 2017 20:20
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {5ba0fc6a-8ebf-11e1-a27a-bcaec503cbdc} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {5ba0fcf9-8ebf-11e1-a27a-bcaec503cbdc} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {74700f4e-a62f-11e1-bb10-806e6f6e6963} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {74700f64-a62f-11e1-bb10-bcaec503cbdc} - E:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\MountPoints2: {aa15f80f-a631-11e1-a070-bcaec503cbdc} - E:\setup_vmb_lite.exe /checkApplicationPresence
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-4275557178-1437537661-1358321331-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-4275557178-1437537661-1358321331-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
U3 aoua1g4e; C:\windows\system32\Drivers\aoua1g4e.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
C:\Users\maimai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.

Re: I'm afraid I have an infected notebook.

Posted: 31 Mar 2017 11:55
by Sun_Li
Done, I'm posting the current log.
(NetLimiter nevertheless still reports traffic on those two IP addresses, both incoming and outgoing.)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by maimai (administrator) on MAIMAI_PC (31-03-2017 12:43:29)
Running from C:\Users\maimai\Desktop
Loaded Profiles: maimai (Available Profiles: maimai & renata)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Windows\System32\AsusService.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Locktime Software) C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\APRP\aprp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [415920 2010-03-30] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-04-13] (Synaptics Incorporated)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2010-06-28] (ASUSTek Computer Inc.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2010-04-13] (Synaptics Incorporated)
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6775512 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\procexp - Shortcut.lnk [2012-02-01]
ShortcutTarget: procexp - Shortcut.lnk -> C:\Program Files\processexplorer\procexp.exe (Sysinternals - www.sysinternals.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TOTALCMD - Shortcut.lnk [2012-02-01]
ShortcutTarget: TOTALCMD - Shortcut.lnk -> C:\Program Files\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 103.5.140.18 103.5.140.19
Tcpip\..\Interfaces\{61A0E461-29CD-460E-947A-510EC7882C39}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{875AABA7-06D2-470B-9E19-3CBF1AE66A27}: [DhcpNameServer] 103.5.140.18 103.5.140.19
Tcpip\..\Interfaces\{CFF24251-2894-4565-A5C7-4592B7A9FBF8}: [NameServer] 217.77.165.81 217.77.161.131
Tcpip\..\Interfaces\{CFF24251-2894-4565-A5C7-4592B7A9FBF8}: [DhcpNameServer] 217.77.165.81 217.77.161.131

Internet Explorer:
==================
HKU\S-1-5-21-4275557178-1437537661-1358321331-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default [2017-03-31]
FF Homepage: Mozilla\SeaMonkey\Profiles\hhmofm1h.default -> hxxp://www.google.com/ncr
FF Extension: (DOM Inspector) - C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default\Extensions\inspector@mozilla.org [2016-07-01]
FF Extension: (ChatZilla) - C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-11-15]
FF Extension: (JavaScript Debugger) - C:\Users\maimai\AppData\Roaming\Mozilla\SeaMonkey\Profiles\hhmofm1h.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-07-01]
FF ProfilePath: C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default [2013-07-07]
FF Extension: (CSS Stylesheet Editor) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\csseditor@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (EyeDropper) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\eyedropper@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (FontSquirrel Manager) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\fs@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Fullscreen) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\fullscreen@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Google Font Directory Manager) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\gfd@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-cs@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-de@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (English (US) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Español (España) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Suomenkielinen (FI) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-fi@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Français Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-fr@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Galego (España) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-gl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-he@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-hu@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-it@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Japanese Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-ja@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Korean (KR) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-ko@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-nl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Polski Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-pl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-sl@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (српски (sr) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-sr@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2013-06-09] [not signed]
FF Extension: (MathML) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\mathml@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Opquast Accessibility First Step) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\op1@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Snippets) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\snippets@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (SVG-edit) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\svg-edit@googlegroups.com.xpi [2013-06-09] [not signed]
FF Extension: (Table Layouts) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\tablelayout@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (One-click Templates) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\templatesManager@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Thumbnailer) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\thumbnailer@bluegriffon.com.xpi [2013-06-09] [not signed]
FF Extension: (Tip of the Day) - C:\Users\maimai\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2803sqz5.default\Extensions\tipoftheday@bluegriffon.com.xpi [2013-06-09] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-19] () [File not signed]
R2 cpextender; C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [368272 2015-10-19] (Check Point Software Technologies)
R2 Crypkey License; C:\windows\SYSTEM32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2241992 2017-03-27] (ESET)
S2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2009-05-15] (Hewlett-Packard) [File not signed]
R2 nlsvc; C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe [495616 2010-03-25] (Locktime Software) [File not signed]
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2009-05-15] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11520 2010-03-31] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [239168 2012-01-11] (DT Soft Ltd)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [113544 2017-03-27] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [140984 2017-03-27] (ESET)
R1 epfwwfpr; C:\windows\System32\DRIVERS\epfwwfpr.sys [62528 2017-03-27] (ESET)
S3 huawei_cdcacm; C:\windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-07-12] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-07-12] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\windows\System32\DRIVERS\ew_juwwanecm.sys [182272 2011-07-12] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\windows\System32\DRIVERS\ewusbfake.sys [100736 2009-07-23] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2010-04-13] ( )
R1 NetworkX; C:\windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R1 nltdi; C:\windows\system32\drivers\nltdi.sys [82360 2010-03-25] (Locktime Software) [File not signed]
R0 sptd; C:\windows\System32\Drivers\sptd.sys [428088 2012-01-11] () [File not signed]
R3 VNA; C:\windows\System32\DRIVERS\vna.sys [129304 2015-10-19] (Check Point Software Technologies)
S3 vpnva; C:\windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
U3 alfdkfyk; C:\windows\system32\Drivers\alfdkfyk.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X]
S3 ESETCleanersDriver; \??\C:\windows\system32\Drivers\ESETCleanersDriver.sys [X]
S3 PROCEXP151; \??\C:\windows\system32\Drivers\PROCEXP151.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-31 12:43 - 2017-03-31 12:44 - 00018249 _____ C:\Users\maimai\Desktop\FRST.txt
2017-03-30 20:23 - 2017-03-31 12:43 - 00000000 ____D C:\FRST
2017-03-30 19:14 - 2017-03-30 19:21 - 00000000 ____D C:\AdwCleaner
2017-03-30 19:11 - 2017-03-30 19:11 - 04089296 _____ C:\Users\maimai\Desktop\adwcleaner_6.045.exe
2017-03-30 19:03 - 2017-03-30 19:03 - 01766912 _____ (Farbar) C:\Users\maimai\Desktop\FRST.exe
2017-03-30 18:37 - 2017-03-30 18:37 - 00688992 ____R (Swearware) C:\Users\maimai\Desktop\dds.exe
2017-03-30 18:20 - 2017-03-30 18:31 - 00000000 ____D C:\Program Files\trend micro
2017-03-30 18:20 - 2017-03-30 18:20 - 00000000 ____D C:\rsit
2017-03-30 18:18 - 2017-03-30 18:18 - 01206272 _____ C:\Users\maimai\Desktop\RSIT.exe
2017-03-30 13:57 - 2017-03-30 13:57 - 00003288 ____N C:\bootsqm.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-31 12:31 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-31 12:31 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-31 12:24 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-31 11:33 - 2009-07-25 09:50 - 00893478 _____ C:\windows\system32\PerfStringBackup.INI
2017-03-31 11:33 - 2009-07-14 04:37 - 00000000 ____D C:\windows\inf
2017-03-30 19:42 - 2014-04-26 10:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-03-27 22:20 - 2015-07-14 15:29 - 00140984 _____ (ESET) C:\windows\system32\Drivers\ehdrv.sys
2017-03-27 22:20 - 2015-07-14 15:29 - 00113544 _____ (ESET) C:\windows\system32\Drivers\eamonm.sys
2017-03-27 22:20 - 2015-07-14 15:29 - 00062528 _____ (ESET) C:\windows\system32\Drivers\epfwwfpr.sys

==================== Files in the root of some directories =======

2016-03-29 20:11 - 2016-09-26 17:01 - 0001832 _____ () C:\Users\maimai\AppData\Local\SLC_maimai.prx
2011-07-10 15:56 - 2011-07-10 15:56 - 0000048 ____H () C:\ProgramData\ezsidmv.dat
2010-06-28 19:18 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-09 16:47

==================== End of FRST.txt ============================

Re: I'm afraid I have an infected notebook.

Posted: 31 Mar 2017 15:55
by Rudy
Deleted. Now also run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: I'm afraid I have an infected notebook.

Posted: 31 Mar 2017 17:10
by Sun_Li
Here is the log. I'm quietly hoping the problem gets solved. As soon as I connect to the internet, even opening Notepad takes minutes; offline, everything responds lightning fast.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/31/17
Scan Time: 5:27 PM
Logfile: report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1637
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: maimai_PC\maimai

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277087
Time Elapsed: 25 min, 32 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Re: I'm afraid I have an infected notebook.

Posted: 31 Mar 2017 17:23
by Rudy
The PC is clean. Try repairing Winsock: https://support.microsoft.com/cs-cz/hel ... ll-utility .