
Please check my log
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello,
I have been having problems with adware on my laptop for about two months (it is possible there is more than one). Probably a "little gift" that came with an installation. Please check my log (FRST).
Thank you very much in advance, and please explain how to proceed as much "in plain terms" as possible.
Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-05-2017 02
Ran by mvece (administrator) on LAPTOP-9AP0CRJG (05-05-2017 20:37:21)
Running from C:\Users\mvece\Desktop
Loaded Profiles: mvece (Available Profiles: mvece)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(hxxp://www.amuleall.org/) C:\Config.Msi\4328f3e6.rbf
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Akamai Technologies, Inc.) C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
(Akamai Technologies, Inc.) C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\SDK\CM_LibraryIO.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(WiperSoft) C:\Program Files\WiperSoft\WiperSoft.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Huawei) C:\Program Files (x86)\HiSuite\HiSuite.exe
(Huawei) C:\Program Files (x86)\HiSuite\hwtools\hdbtransport.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17032.10341.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57781.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
(forum.viry.cz) C:\Users\mvece\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [BloodyTonemaker] => C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe [8473088 2016-03-02] ()
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Akamai NetSession Interface] => C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [background_fault] => C:\Users\mvece\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {0681c056-3eb7-11e6-9bda-54ab3a5b02bd} - "E:\autorun.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {6d009eb4-4da9-11e6-9bdf-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {ed3d016b-0198-11e7-9c15-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{882d1620-1b3f-4343-9635-a1d107255070}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d0354b49-1f4d-4b6d-b460-fab0df96bfd9}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {5CBAD2B1-0E2A-4062-A23B-5323D343F686} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 46TAE46TAE
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 46TAE46TAE
FireFox:
========
FF DefaultProfile: kf61vqfm.default
FF ProfilePath: C:\Users\mvece\AppData\Roaming\Firefox\Firefox\Profiles\kf61vqfm.default [2017-05-04]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\mvece\AppData\Roaming\Firefox\Firefox\Profiles\kf61vqfm.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-05-04] [not signed]
FF SearchPlugin: C:\Users\mvece\AppData\Roaming\Firefox\Firefox\Profiles\kf61vqfm.default\searchplugins\startsearch.xml [2017-05-04]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE"
CHR Profile: C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default [2017-05-05]
CHR Extension: (Prezentace Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (BetterTTV) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-05-05]
CHR Extension: (Dokumenty Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Disk Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Zhasnout světla) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-05-05]
CHR Extension: (YouTube) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-15]
CHR Extension: (Avast SafePrice) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-15]
CHR Extension: (Tabulky Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (Vysor) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-02-11]
CHR Extension: (AdBlock) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Avast Online Security) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Morpheon Dark) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-01-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=14939 ... 46TAE46TAE
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Cansuck\Application\chrome.exe <==== ATTENTION
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [102064 2017-02-28] ()
S2 AMD; C:\Users\mvece\AppData\Local\AMD\amd.exe [246272 2017-04-22] () [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-05] (windows) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
S4 clean; C:\Users\mvece\AppData\Local\clean\Kyubey.exe [114688 2017-04-22] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-07] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-07] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [107672 2017-05-04] () <==== ATTENTION
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-17] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
S4 Kyubey; C:\Users\mvece\AppData\Roaming\Kyubey\Kyubey.exe [240128 2017-04-22] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
R2 SNARE; C:\Users\mvece\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 SNAREA; C:\Users\mvece\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S4 SNARER; C:\Users\mvece\AppData\Local\SNARER\Snarer.dll [793600 2017-04-22] () [File not signed] <==== ATTENTION
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R2 WANARE; C:\Users\mvece\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-07-13] (Wondershare)
R2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
S4 Kitty; C:\Users\mvece\AppData\Local\Kitty\Kitty.dll [X] <==== ATTENTION
S4 WinSAPSvc; C:\Users\mvece\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R3 CMUAC; C:\WINDOWS\system32\DRIVERS\Headset6400x1.SYS [387072 2013-10-03] (A4Tech Inc.)
R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-07] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-05] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
U2 WinSnare; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-05 20:37 - 2017-05-05 20:39 - 00039462 _____ C:\Users\mvece\Desktop\FRST.txt
2017-05-05 20:36 - 2017-05-05 20:36 - 00112640 _____ (forum.viry.cz) C:\Users\mvece\Desktop\FRSTLauncher.exe
2017-05-05 20:35 - 2017-05-05 20:37 - 00000000 ____D C:\FRST
2017-05-05 20:35 - 2017-05-05 20:35 - 02429440 _____ (Farbar) C:\Users\mvece\Desktop\FRST64.exe
2017-05-05 20:25 - 2017-05-05 20:25 - 00000000 ____D C:\Program Files (x86)\Cansuck
2017-05-05 14:34 - 2017-05-05 14:34 - 00000000 ____D C:\Program Files (x86)\{9F11ACC5-3A36-4AED-AEFF-3E4DBBC7D3AA}
2017-05-05 14:20 - 2017-05-05 14:20 - 100371107 _____ C:\Users\mvece\Desktop\VID_20160709_114705.mp4
2017-05-05 12:15 - 2017-05-05 12:33 - 1968676084 _____ C:\Users\mvece\Desktop\Allegiant.2016.1080p.BluRay.AAC-RARBG.mp4.mp4
2017-05-05 12:13 - 2017-05-05 12:13 - 00068815 _____ C:\Users\mvece\Desktop\Allegiant(0000274557).srt
2017-05-05 11:53 - 2017-05-05 14:34 - 00000000 ____D C:\Users\mvece\AppData\Local\WANARE
2017-05-05 11:53 - 2017-05-05 11:53 - 00000000 ____D C:\ProgramData\BIT
2017-05-04 23:02 - 2017-05-04 23:02 - 00003264 _____ C:\WINDOWS\System32\Tasks\{B63C7928-8EC8-43B7-8682-74EC6F4549C7}
2017-05-04 22:13 - 2017-05-04 22:13 - 06751872 _____ (ESET spol. s r.o.) C:\Users\mvece\Desktop\esetonlinescanner_csy.exe
2017-05-04 22:13 - 2017-05-04 22:13 - 00000000 ____D C:\Users\mvece\AppData\Local\ESET
2017-05-04 10:11 - 2017-05-04 10:11 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-04 10:10 - 2017-05-05 10:47 - 00000000 ____D C:\Users\mvece\AppData\Local\background_fault
2017-05-03 13:36 - 2017-05-05 10:49 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-03 10:31 - 2017-05-03 13:36 - 00000000 ____D C:\Users\mvece\AppData\Local\SNAREA
2017-05-03 10:29 - 2017-05-03 10:29 - 00000000 ____D C:\Program Files (x86)\{45D796CE-C2C5-45D5-A411-468FE7316A06}
2017-05-02 19:23 - 2017-05-02 19:23 - 00000752 _____ C:\Users\mvece\Downloads\Plocha – zástupce (2).lnk
2017-05-01 11:35 - 2017-05-01 11:35 - 00000000 ____D C:\ProgramData\HP
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\HPPSDr
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-28 19:54 - 2017-04-28 19:54 - 00000843 _____ C:\Users\mvece\Desktop\Filmy – zástupce.lnk
2017-04-28 19:53 - 2017-04-28 19:53 - 00000738 _____ C:\Users\mvece\Documents\Hudba – zástupce.lnk
2017-04-28 19:51 - 2017-04-28 19:51 - 00000000 ____D C:\Users\mvece\Documents\Náramky
2017-04-28 19:48 - 2017-04-28 19:48 - 00000000 ____D C:\Program Files (x86)\{D4643B4E-5211-47F6-9067-44D655B96362}
2017-04-28 19:48 - 2017-04-28 19:48 - 00000000 ____D C:\Alitkojck
2017-04-28 19:47 - 2017-04-28 19:50 - 00000000 ____D C:\Users\mvece\Documents\Yoyo
2017-04-28 19:45 - 2017-04-28 19:46 - 00000000 ____D C:\Users\mvece\Documents\Zápisy - mix
2017-04-26 15:47 - 2017-05-02 14:28 - 00000003 _____ C:\WINDOWS\SysWOW64\f_z
2017-04-26 15:20 - 2017-05-05 14:34 - 00000000 ____D C:\Insist
2017-04-26 15:20 - 2017-04-26 15:20 - 00000000 ____D C:\WINDOWS\psgo
2017-04-26 15:20 - 2017-04-26 15:20 - 00000000 ____D C:\Program Files (x86)\{1463B1FE-2E1E-4B57-A2CD-290C28B2A1C3}
2017-04-21 12:02 - 2017-05-05 10:51 - 00000000 ____D C:\Program Files (x86)\AlphaGo
2017-04-20 10:45 - 2017-04-20 10:45 - 00000000 ____D C:\Program Files (x86)\{23CB7CB0-5D92-48D8-997E-6C19F34492A5}
2017-04-19 14:44 - 2017-04-19 14:44 - 00000000 ____D C:\Users\mvece\AppData\Local\3DM
2017-04-18 16:09 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CE4F718F-B2FA-4D99-B47F-54F7A0139FCB}
2017-04-18 16:09 - 2017-04-18 16:09 - 00000000 ____D C:\WINDOWS\Update
2017-04-17 15:39 - 2017-04-26 18:27 - 00001271 _____ C:\Users\mvece\Desktop\nativelog.txt
2017-04-14 18:49 - 2017-04-14 18:49 - 00029976 _____ C:\ProgramData\agent.update.1492188567.bdinstall.bin
2017-04-14 17:34 - 2017-04-14 17:35 - 01380712 _____ C:\Users\mvece\Downloads\facerig.exe
2017-04-14 17:33 - 2017-04-14 17:33 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-14 17:31 - 2017-04-29 22:18 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-14 17:31 - 2017-04-14 17:31 - 00046965 _____ C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 09:15 - 2017-04-14 09:15 - 00000000 ____D C:\Program Files (x86)\Terela
2017-04-13 14:34 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CAB9AC0F-80E9-4A92-BE41-921BF7B12597}
2017-04-13 11:19 - 2017-05-05 14:22 - 00000000 ____D C:\Users\mvece\AppData\Local\SNARE
2017-04-13 11:19 - 2017-05-05 14:22 - 00000000 ____D C:\Users\mvece\AppData\Local\Kitty
2017-04-11 14:34 - 2017-04-11 14:34 - 00000000 ____D C:\Program Files (x86)\{AD7FC7E6-2854-40D0-80FD-272815073C63}
2017-04-11 10:13 - 2017-04-12 19:51 - 00000000 ____D C:\Users\mvece\AppData\Local\SNARER
2017-04-11 10:13 - 2017-04-11 10:13 - 00000000 ____D C:\Program Files (x86)\{E1687BCE-5097-4EAB-948C-0424E6F6907C}
2017-04-10 16:17 - 2017-04-10 16:17 - 00001120 _____ C:\Users\mvece\Desktop\Herbář – zástupce.lnk
2017-04-07 17:16 - 2017-04-07 17:16 - 00000000 ____D C:\Users\mvece\AppData\Local\AMD
2017-04-06 12:27 - 2017-05-05 17:40 - 00000000 ____D C:\Users\mvece\AppData\Roaming\SNARER
2017-04-05 17:35 - 2017-04-05 17:35 - 00000000 ____D C:\Users\mvece\AppData\Local\clean
2017-04-05 15:01 - 2017-04-05 15:10 - 00000000 ____D C:\Users\mvece\AppData\Local\Autodesk
2017-04-05 15:01 - 2017-04-05 15:01 - 00000000 ____D C:\Users\mvece\Documents\MB
2017-04-05 14:58 - 2017-04-05 14:58 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-04-05 14:43 - 2017-05-04 22:48 - 00000000 ____D C:\ProgramData\Autodesk
2017-04-05 14:43 - 2017-04-05 15:11 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Autodesk
2017-04-05 14:42 - 2017-04-05 14:42 - 00000000 ____D C:\Users\mvece\AppData\Local\Akamai
2017-04-05 14:42 - 2017-04-05 14:42 - 00000000 ____D C:\Autodesk
2017-04-05 11:42 - 2017-05-05 14:19 - 00000000 ____D C:\Program Files (x86)\WINSNARE(4.4.6)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-05 20:25 - 2016-06-13 18:54 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-05 19:46 - 2016-06-13 19:03 - 00000000 ____D C:\Users\mvece\AppData\Roaming\vlc
2017-05-05 19:43 - 2017-03-13 19:28 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-05 19:25 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-05 19:19 - 2016-08-09 11:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-05 17:40 - 2017-03-11 15:35 - 00000000 ____D C:\Users\mvece\AppData\Roaming\WinSAPSvc
2017-05-05 17:39 - 2017-03-11 09:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Lifoykuqucult
2017-05-05 14:35 - 2017-03-30 14:43 - 00003592 _____ C:\WINDOWS\System32\Tasks\Windows-PG
2017-05-05 14:35 - 2017-03-11 15:35 - 00003680 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-05-05 14:22 - 2015-08-31 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-05 13:15 - 2017-03-13 19:28 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-05 11:35 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-05 11:35 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-05 11:02 - 2017-03-11 10:48 - 00000000 ____D C:\Users\mvece\AppData\Roaming\WiperSoft
2017-05-05 10:55 - 2017-01-12 22:42 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-05 10:54 - 2016-06-13 18:35 - 00000000 ____D C:\Users\mvece\AppData\Local\Host App Service
2017-05-05 10:52 - 2017-02-03 17:49 - 00000000 ____D C:\Users\mvece\AppData\Local\Adobe
2017-05-05 10:49 - 2017-03-13 19:30 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-05 10:47 - 2016-06-13 18:38 - 00000000 __SHD C:\Users\mvece\IntelGraphicsProfiles
2017-05-04 22:05 - 2017-04-02 10:40 - 00000000 ____D C:\Program Files\MK
2017-05-04 10:11 - 2017-03-13 19:30 - 00000000 ____D C:\Users\mvece\AppData\LocalLow\Mozilla
2017-05-04 09:10 - 2016-11-10 17:34 - 00000000 ____D C:\Users\mvece\AppData\Local\Microsoft Help
2017-05-03 10:25 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\VirtualStore
2017-05-02 20:15 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-02 08:56 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\Packages
2017-04-29 22:20 - 2016-08-09 12:03 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 22:20 - 2016-08-09 12:03 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 19:52 - 2016-09-29 19:00 - 00000000 ____D C:\Users\mvece\Documents\Škola
2017-04-28 19:50 - 2017-01-20 21:12 - 00000000 ____D C:\Users\mvece\Documents\Stronghold Crusader 2
2017-04-27 20:34 - 2016-06-14 18:19 - 00000000 ____D C:\Users\mvece\AppData\Local\CrashDumps
2017-04-26 21:33 - 2016-08-09 11:52 - 00000000 ____D C:\Users\mvece
2017-04-26 18:27 - 2016-06-13 19:16 - 00000000 ____D C:\Users\mvece\AppData\Roaming\.minecraft
2017-04-23 18:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-22 19:28 - 2016-08-09 12:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-22 19:28 - 2016-08-09 11:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-22 12:46 - 2017-03-13 22:04 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-22 11:49 - 2016-07-16 08:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-22 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-18 16:13 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 16:10 - 2016-11-10 17:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-18 16:05 - 2016-12-17 12:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-18 16:05 - 2016-06-13 18:41 - 00002391 _____ C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-18 16:05 - 2016-06-13 18:41 - 00000000 ___RD C:\Users\mvece\OneDrive
2017-04-16 14:37 - 2016-06-13 19:16 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-14 19:12 - 2017-03-16 21:14 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-14 19:12 - 2016-06-14 18:51 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 19:44 - 2017-03-14 10:41 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-04-12 19:43 - 2017-03-11 15:35 - 00000000 ____D C:\Users\mvece\AppData\Roaming\WinSnare
2017-04-07 17:58 - 2017-03-11 10:48 - 00000815 _____ C:\Users\mvece\Desktop\WiperSoft.lnk
2017-04-07 17:36 - 2017-03-11 10:48 - 00000000 ____D C:\Program Files\WiperSoft
2017-04-05 17:35 - 2017-03-13 19:28 - 00000000 ____D C:\Program Files (x86)\deskapp
2017-04-05 15:02 - 2017-02-03 18:10 - 00000000 ____D C:\ProgramData\boost_interprocess
==================== Files in the root of some directories =======
2016-11-12 18:09 - 2016-11-12 18:09 - 0003584 _____ () C:\Users\mvece\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-11 13:25 - 2017-03-11 13:25 - 0047410 _____ () C:\ProgramData\agent.1489231515.bdinstall.bin
2017-03-11 16:04 - 2017-03-11 16:04 - 0028755 _____ () C:\ProgramData\agent.1489240941.bdinstall.bin
2017-03-13 22:43 - 2017-03-13 22:43 - 0029157 _____ () C:\ProgramData\agent.1489437816.bdinstall.bin
2017-04-14 17:31 - 2017-04-14 17:31 - 0046965 _____ () C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 18:49 - 2017-04-14 18:49 - 0029976 _____ () C:\ProgramData\agent.update.1492188567.bdinstall.bin
2016-08-09 11:48 - 2016-08-09 11:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
Some files in TEMP:
====================
2017-04-05 15:01 - 2016-02-23 08:30 - 0021952 _____ (Autodesk, Inc.) C:\Users\mvece\AppData\Local\Temp\AcDeltree.exe
2017-05-04 22:45 - 2017-05-04 22:48 - 2398688 _____ (Flexera Software LLC) C:\Users\mvece\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-04-16 10:34 - 2017-04-16 10:35 - 59080608 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\oct18D3.tmp.exe
2017-03-13 22:01 - 2017-03-13 22:02 - 38421056 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octA013.tmp.exe
2017-04-16 10:38 - 2017-04-16 10:39 - 58523032 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octD175.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\mvece\Desktop" je 1990 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{882d1620-1b3f-4343-9635-a1d107255070}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d0354b49-1f4d-4b6d-b460-fab0df96bfd9}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&t ... earchTerms}
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {5CBAD2B1-0E2A-4062-A23B-5323D343F686} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=148 ... 46TAE46TAE
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 46TAE46TAE
FireFox:
========
FF DefaultProfile: kf61vqfm.default
FF ProfilePath: C:\Users\mvece\AppData\Roaming\Firefox\Firefox\Profiles\kf61vqfm.default [2017-05-04]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\mvece\AppData\Roaming\Firefox\Firefox\Profiles\kf61vqfm.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-05-04] [not signed]
FF SearchPlugin: C:\Users\mvece\AppData\Roaming\Firefox\Firefox\Profiles\kf61vqfm.default\searchplugins\startsearch.xml [2017-05-04]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE"
CHR Profile: C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default [2017-05-05]
CHR Extension: (Prezentace Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (BetterTTV) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-05-05]
CHR Extension: (Dokumenty Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Disk Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Zhasnout světla) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-05-05]
CHR Extension: (YouTube) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-15]
CHR Extension: (Avast SafePrice) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-15]
CHR Extension: (Tabulky Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (Vysor) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-02-11]
CHR Extension: (AdBlock) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Avast Online Security) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Morpheon Dark) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-01-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=14939 ... 46TAE46TAE
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Cansuck\Application\chrome.exe <==== ATTENTION
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [102064 2017-02-28] ()
S2 AMD; C:\Users\mvece\AppData\Local\AMD\amd.exe [246272 2017-04-22] () [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-05] (windows) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
S4 clean; C:\Users\mvece\AppData\Local\clean\Kyubey.exe [114688 2017-04-22] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-07] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-07] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [107672 2017-05-04] () <==== ATTENTION
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-17] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
S4 Kyubey; C:\Users\mvece\AppData\Roaming\Kyubey\Kyubey.exe [240128 2017-04-22] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
R2 SNARE; C:\Users\mvece\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 SNAREA; C:\Users\mvece\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
S4 SNARER; C:\Users\mvece\AppData\Local\SNARER\Snarer.dll [793600 2017-04-22] () [File not signed] <==== ATTENTION
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R2 WANARE; C:\Users\mvece\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-07-13] (Wondershare)
R2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
S4 Kitty; C:\Users\mvece\AppData\Local\Kitty\Kitty.dll [X] <==== ATTENTION
S4 WinSAPSvc; C:\Users\mvece\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R3 CMUAC; C:\WINDOWS\system32\DRIVERS\Headset6400x1.SYS [387072 2013-10-03] (A4Tech Inc.)
R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-07] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== ATTENTION
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-05] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
U2 WinSnare; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-05 20:37 - 2017-05-05 20:39 - 00039462 _____ C:\Users\mvece\Desktop\FRST.txt
2017-05-05 20:36 - 2017-05-05 20:36 - 00112640 _____ (forum.viry.cz) C:\Users\mvece\Desktop\FRSTLauncher.exe
2017-05-05 20:35 - 2017-05-05 20:37 - 00000000 ____D C:\FRST
2017-05-05 20:35 - 2017-05-05 20:35 - 02429440 _____ (Farbar) C:\Users\mvece\Desktop\FRST64.exe
2017-05-05 20:25 - 2017-05-05 20:25 - 00000000 ____D C:\Program Files (x86)\Cansuck
2017-05-05 14:34 - 2017-05-05 14:34 - 00000000 ____D C:\Program Files (x86)\{9F11ACC5-3A36-4AED-AEFF-3E4DBBC7D3AA}
2017-05-05 14:20 - 2017-05-05 14:20 - 100371107 _____ C:\Users\mvece\Desktop\VID_20160709_114705.mp4
2017-05-05 12:15 - 2017-05-05 12:33 - 1968676084 _____ C:\Users\mvece\Desktop\Allegiant.2016.1080p.BluRay.AAC-RARBG.mp4.mp4
2017-05-05 12:13 - 2017-05-05 12:13 - 00068815 _____ C:\Users\mvece\Desktop\Allegiant(0000274557).srt
2017-05-05 11:53 - 2017-05-05 14:34 - 00000000 ____D C:\Users\mvece\AppData\Local\WANARE
2017-05-05 11:53 - 2017-05-05 11:53 - 00000000 ____D C:\ProgramData\BIT
2017-05-04 23:02 - 2017-05-04 23:02 - 00003264 _____ C:\WINDOWS\System32\Tasks\{B63C7928-8EC8-43B7-8682-74EC6F4549C7}
2017-05-04 22:13 - 2017-05-04 22:13 - 06751872 _____ (ESET spol. s r.o.) C:\Users\mvece\Desktop\esetonlinescanner_csy.exe
2017-05-04 22:13 - 2017-05-04 22:13 - 00000000 ____D C:\Users\mvece\AppData\Local\ESET
2017-05-04 10:11 - 2017-05-04 10:11 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-04 10:10 - 2017-05-05 10:47 - 00000000 ____D C:\Users\mvece\AppData\Local\background_fault
2017-05-03 13:36 - 2017-05-05 10:49 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-03 10:31 - 2017-05-03 13:36 - 00000000 ____D C:\Users\mvece\AppData\Local\SNAREA
2017-05-03 10:29 - 2017-05-03 10:29 - 00000000 ____D C:\Program Files (x86)\{45D796CE-C2C5-45D5-A411-468FE7316A06}
2017-05-02 19:23 - 2017-05-02 19:23 - 00000752 _____ C:\Users\mvece\Downloads\Plocha – zástupce (2).lnk
2017-05-01 11:35 - 2017-05-01 11:35 - 00000000 ____D C:\ProgramData\HP
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\HPPSDr
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-28 19:54 - 2017-04-28 19:54 - 00000843 _____ C:\Users\mvece\Desktop\Filmy – zástupce.lnk
2017-04-28 19:53 - 2017-04-28 19:53 - 00000738 _____ C:\Users\mvece\Documents\Hudba – zástupce.lnk
2017-04-28 19:51 - 2017-04-28 19:51 - 00000000 ____D C:\Users\mvece\Documents\Náramky
2017-04-28 19:48 - 2017-04-28 19:48 - 00000000 ____D C:\Program Files (x86)\{D4643B4E-5211-47F6-9067-44D655B96362}
2017-04-28 19:48 - 2017-04-28 19:48 - 00000000 ____D C:\Alitkojck
2017-04-28 19:47 - 2017-04-28 19:50 - 00000000 ____D C:\Users\mvece\Documents\Yoyo
2017-04-28 19:45 - 2017-04-28 19:46 - 00000000 ____D C:\Users\mvece\Documents\Zápisy - mix
2017-04-26 15:47 - 2017-05-02 14:28 - 00000003 _____ C:\WINDOWS\SysWOW64\f_z
2017-04-26 15:20 - 2017-05-05 14:34 - 00000000 ____D C:\Insist
2017-04-26 15:20 - 2017-04-26 15:20 - 00000000 ____D C:\WINDOWS\psgo
2017-04-26 15:20 - 2017-04-26 15:20 - 00000000 ____D C:\Program Files (x86)\{1463B1FE-2E1E-4B57-A2CD-290C28B2A1C3}
2017-04-21 12:02 - 2017-05-05 10:51 - 00000000 ____D C:\Program Files (x86)\AlphaGo
2017-04-20 10:45 - 2017-04-20 10:45 - 00000000 ____D C:\Program Files (x86)\{23CB7CB0-5D92-48D8-997E-6C19F34492A5}
2017-04-19 14:44 - 2017-04-19 14:44 - 00000000 ____D C:\Users\mvece\AppData\Local\3DM
2017-04-18 16:09 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CE4F718F-B2FA-4D99-B47F-54F7A0139FCB}
2017-04-18 16:09 - 2017-04-18 16:09 - 00000000 ____D C:\WINDOWS\Update
2017-04-17 15:39 - 2017-04-26 18:27 - 00001271 _____ C:\Users\mvece\Desktop\nativelog.txt
2017-04-14 18:49 - 2017-04-14 18:49 - 00029976 _____ C:\ProgramData\agent.update.1492188567.bdinstall.bin
2017-04-14 17:34 - 2017-04-14 17:35 - 01380712 _____ C:\Users\mvece\Downloads\facerig.exe
2017-04-14 17:33 - 2017-04-14 17:33 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-14 17:31 - 2017-04-29 22:18 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-14 17:31 - 2017-04-14 17:31 - 00046965 _____ C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 09:15 - 2017-04-14 09:15 - 00000000 ____D C:\Program Files (x86)\Terela
2017-04-13 14:34 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CAB9AC0F-80E9-4A92-BE41-921BF7B12597}
2017-04-13 11:19 - 2017-05-05 14:22 - 00000000 ____D C:\Users\mvece\AppData\Local\SNARE
2017-04-13 11:19 - 2017-05-05 14:22 - 00000000 ____D C:\Users\mvece\AppData\Local\Kitty
2017-04-11 14:34 - 2017-04-11 14:34 - 00000000 ____D C:\Program Files (x86)\{AD7FC7E6-2854-40D0-80FD-272815073C63}
2017-04-11 10:13 - 2017-04-12 19:51 - 00000000 ____D C:\Users\mvece\AppData\Local\SNARER
2017-04-11 10:13 - 2017-04-11 10:13 - 00000000 ____D C:\Program Files (x86)\{E1687BCE-5097-4EAB-948C-0424E6F6907C}
2017-04-10 16:17 - 2017-04-10 16:17 - 00001120 _____ C:\Users\mvece\Desktop\Herbář – zástupce.lnk
2017-04-07 17:16 - 2017-04-07 17:16 - 00000000 ____D C:\Users\mvece\AppData\Local\AMD
2017-04-06 12:27 - 2017-05-05 17:40 - 00000000 ____D C:\Users\mvece\AppData\Roaming\SNARER
2017-04-05 17:35 - 2017-04-05 17:35 - 00000000 ____D C:\Users\mvece\AppData\Local\clean
2017-04-05 15:01 - 2017-04-05 15:10 - 00000000 ____D C:\Users\mvece\AppData\Local\Autodesk
2017-04-05 15:01 - 2017-04-05 15:01 - 00000000 ____D C:\Users\mvece\Documents\MB
2017-04-05 14:58 - 2017-04-05 14:58 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-04-05 14:43 - 2017-05-04 22:48 - 00000000 ____D C:\ProgramData\Autodesk
2017-04-05 14:43 - 2017-04-05 15:11 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Autodesk
2017-04-05 14:42 - 2017-04-05 14:42 - 00000000 ____D C:\Users\mvece\AppData\Local\Akamai
2017-04-05 14:42 - 2017-04-05 14:42 - 00000000 ____D C:\Autodesk
2017-04-05 11:42 - 2017-05-05 14:19 - 00000000 ____D C:\Program Files (x86)\WINSNARE(4.4.6)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-05 20:25 - 2016-06-13 18:54 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-05 19:46 - 2016-06-13 19:03 - 00000000 ____D C:\Users\mvece\AppData\Roaming\vlc
2017-05-05 19:43 - 2017-03-13 19:28 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-05 19:25 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-05 19:19 - 2016-08-09 11:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-05 17:40 - 2017-03-11 15:35 - 00000000 ____D C:\Users\mvece\AppData\Roaming\WinSAPSvc
2017-05-05 17:39 - 2017-03-11 09:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Lifoykuqucult
2017-05-05 14:35 - 2017-03-30 14:43 - 00003592 _____ C:\WINDOWS\System32\Tasks\Windows-PG
2017-05-05 14:35 - 2017-03-11 15:35 - 00003680 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-05-05 14:22 - 2015-08-31 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-05 13:15 - 2017-03-13 19:28 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-05 11:35 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-05 11:35 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-05 11:02 - 2017-03-11 10:48 - 00000000 ____D C:\Users\mvece\AppData\Roaming\WiperSoft
2017-05-05 10:55 - 2017-01-12 22:42 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-05 10:54 - 2016-06-13 18:35 - 00000000 ____D C:\Users\mvece\AppData\Local\Host App Service
2017-05-05 10:52 - 2017-02-03 17:49 - 00000000 ____D C:\Users\mvece\AppData\Local\Adobe
2017-05-05 10:49 - 2017-03-13 19:30 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-05 10:47 - 2016-06-13 18:38 - 00000000 __SHD C:\Users\mvece\IntelGraphicsProfiles
2017-05-04 22:05 - 2017-04-02 10:40 - 00000000 ____D C:\Program Files\MK
2017-05-04 10:11 - 2017-03-13 19:30 - 00000000 ____D C:\Users\mvece\AppData\LocalLow\Mozilla
2017-05-04 09:10 - 2016-11-10 17:34 - 00000000 ____D C:\Users\mvece\AppData\Local\Microsoft Help
2017-05-03 10:25 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\VirtualStore
2017-05-02 20:15 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-02 08:56 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\Packages
2017-04-29 22:20 - 2016-08-09 12:03 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 22:20 - 2016-08-09 12:03 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 19:52 - 2016-09-29 19:00 - 00000000 ____D C:\Users\mvece\Documents\Škola
2017-04-28 19:50 - 2017-01-20 21:12 - 00000000 ____D C:\Users\mvece\Documents\Stronghold Crusader 2
2017-04-27 20:34 - 2016-06-14 18:19 - 00000000 ____D C:\Users\mvece\AppData\Local\CrashDumps
2017-04-26 21:33 - 2016-08-09 11:52 - 00000000 ____D C:\Users\mvece
2017-04-26 18:27 - 2016-06-13 19:16 - 00000000 ____D C:\Users\mvece\AppData\Roaming\.minecraft
2017-04-23 18:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-22 19:28 - 2016-08-09 12:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-22 19:28 - 2016-08-09 11:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-22 12:46 - 2017-03-13 22:04 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-22 11:49 - 2016-07-16 08:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-22 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-18 16:13 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 16:10 - 2016-11-10 17:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-18 16:05 - 2016-12-17 12:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-18 16:05 - 2016-06-13 18:41 - 00002391 _____ C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-18 16:05 - 2016-06-13 18:41 - 00000000 ___RD C:\Users\mvece\OneDrive
2017-04-16 14:37 - 2016-06-13 19:16 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-14 19:12 - 2017-03-16 21:14 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-14 19:12 - 2016-06-14 18:51 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 19:44 - 2017-03-14 10:41 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-04-12 19:43 - 2017-03-11 15:35 - 00000000 ____D C:\Users\mvece\AppData\Roaming\WinSnare
2017-04-07 17:58 - 2017-03-11 10:48 - 00000815 _____ C:\Users\mvece\Desktop\WiperSoft.lnk
2017-04-07 17:36 - 2017-03-11 10:48 - 00000000 ____D C:\Program Files\WiperSoft
2017-04-05 17:35 - 2017-03-13 19:28 - 00000000 ____D C:\Program Files (x86)\deskapp
2017-04-05 15:02 - 2017-02-03 18:10 - 00000000 ____D C:\ProgramData\boost_interprocess
==================== Files in the root of some directories =======
2016-11-12 18:09 - 2016-11-12 18:09 - 0003584 _____ () C:\Users\mvece\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-11 13:25 - 2017-03-11 13:25 - 0047410 _____ () C:\ProgramData\agent.1489231515.bdinstall.bin
2017-03-11 16:04 - 2017-03-11 16:04 - 0028755 _____ () C:\ProgramData\agent.1489240941.bdinstall.bin
2017-03-13 22:43 - 2017-03-13 22:43 - 0029157 _____ () C:\ProgramData\agent.1489437816.bdinstall.bin
2017-04-14 17:31 - 2017-04-14 17:31 - 0046965 _____ () C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 18:49 - 2017-04-14 18:49 - 0029976 _____ () C:\ProgramData\agent.update.1492188567.bdinstall.bin
2016-08-09 11:48 - 2016-08-09 11:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
Some files in TEMP:
====================
2017-04-05 15:01 - 2016-02-23 08:30 - 0021952 _____ (Autodesk, Inc.) C:\Users\mvece\AppData\Local\Temp\AcDeltree.exe
2017-05-04 22:45 - 2017-05-04 22:48 - 2398688 _____ (Flexera Software LLC) C:\Users\mvece\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-04-16 10:34 - 2017-04-16 10:35 - 59080608 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\oct18D3.tmp.exe
2017-03-13 22:01 - 2017-03-13 22:02 - 38421056 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octA013.tmp.exe
2017-04-16 10:38 - 2017-04-16 10:39 - 58523032 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octD175.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\mvece\Desktop" je 1990 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< (search) first and then >Clean< (removal).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Please check my log
I did it according to the instructions, but after the restart a problem reappeared that had recently gone away on its own (maybe the antivirus kicked in?!): right after startup, several Internet Explorer windows pop up with the address [res://aaResources.dll/104], but the browser reports "This page can't be displayed.".
Here is the log:
# AdwCleaner v6.046 - Log vytvořen 05/05/2017 v 23:02:45
# Aktualizováno dne 24/04/2017 z Malwarebytes
# Databáze : 2017-05-05.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : mvece - LAPTOP-9AP0CRJG
# Spuštěno z : C:\Users\mvece\Desktop\adwcleaner_6.046.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
[-] Služba smazána: iSafeKrnl
[-] Služba smazána: iSafeKrnlBoot
[-] Služba smazána: iSafeKrnlKit
[-] Služba smazána: iSafeKrnlMon
[-] Služba smazána: iSafeKrnlR3
[-] Služba smazána: iSafeService
[-] Služba smazána: FirefoxU
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ed2kidle
[-] Služba smazána: Kyubey
[-] Služba smazána: clean
[-] Služba smazána: SNARER
[-] Služba smazána: AMD
[-] Služba smazána: SNARE
[-] Služba smazána: Kitty
[-] Služba smazána: SNAREA
***** [ Složky ] *****
[-] Složka smazána: C:\Users\mvece\AppData\Local\Host App Service
[-] Složka smazána: C:\Users\mvece\AppData\Local\Cansuck
[-] Složka smazána: C:\Users\mvece\AppData\Local\SNARER
[-] Složka smazána: C:\Users\mvece\AppData\Local\SNAREA
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\Elex-tech
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\Event Monitor
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\WinSAPSvc
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\WiperSoft
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\Kyubey
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\UCChannel
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\isMiner
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\SNARER
[-] Složka smazána: C:\Program Files\DriverSetupUtility
[-] Složka smazána: C:\Program Files\WiperSoft
[-] Složka smazána: C:\ProgramData\DriverSetupUtility
[-] Složka smazána: C:\ProgramData\RegisterObject
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
[-] Složka smazána: C:\Program Files (x86)\Elex-tech
[-] Složka smazána: C:\Program Files (x86)\BikaQRss
[-] Složka smazána: C:\Program Files (x86)\deskapp
[-] Složka smazána: C:\Program Files (x86)\Cansuck
[-] Složka smazána: C:\Users\mvece\AppData\Local\Temp\337
[-] Složka smazána: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[#] Složka smazána po restartu: C:\Users\mvece\AppData\Local\Host App Service
[-] Složka smazána: C:\Program Files (x86)\Firefox
[-] Složka smazána: C:\Users\Default\AppData\Local\Host App Service
[-] Složka smazána: C:\Users\Public\Pokki
[-] Složka smazána: C:\Users\mvece\AppData\Local\svchost
[#] Složka smazána po restartu: C:\Users\mvece\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\Firefox
[-] Složka smazána: C:\Users\mvece\AppData\Local\Firefox
[-] Složka smazána: C:\Users\Public\App Explorer
[-] Složka smazána: C:\Users\mvece\AppData\Roaming\clean
[-] Složka smazána: C:\UPDATE\PSGO
[-] Složka smazána: C:\Users\mvece\AppData\Local\SNARE
[-] Složka smazána: C:\Users\mvece\AppData\Local\Kitty
[-] Složka smazána: C:\WINDOWS\Update\psgo
***** [ Soubory ] *****
[-] Soubor smazán: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] Soubor smazán: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
[-] Soubor smazán: C:\Users\Default\Desktop\App Explorer.lnk
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat
[-] Soubor smazán: C:\Users\mvece\AppData\Local\AMD\amd.exe
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
[-] Úloha smazána: RunAtStartup
[-] Úloha smazána: RunAtStartup
[-] Úloha smazána: PC Clean Plus_UPDATES
[-] Úloha smazána: PC Clean Plus_DEFAULT
[-] Úloha smazána: PC Clean Plus
[-] Úloha smazána: App Explorer
[-] Úloha smazána: Milimili
[-] Úloha smazána: BikaQ_FetchAndUpgrade_CanBeDel
[-] Úloha smazána: WiperSoft Startup
[-] Úloha smazána: pc clean plus
[-] Úloha smazána: Microsoft\Windows\Media Center\RegisterObject
[-] Úloha smazána: Windows-PG
***** [ Registry ] *****
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnl
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlboot
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlkit
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlmon
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlr3
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafeservice
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNAREA
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNAREA
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.AABroker
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.Messenger
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.AABroker
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.Messenger
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Klíč smazán: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKU\.DEFAULT\Software\UpgSvr
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Installer
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Host App Service
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\AutoTime
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\WinSnare
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\WiperSoft
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\isMiner
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\deskapp
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\UpgSvr
[#] Klíč smazán po restartu: HKCU\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\Host App Service
[#] Klíč smazán po restartu: HKCU\Software\AutoTime
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[#] Klíč smazán po restartu: HKCU\Software\WiperSoft
[#] Klíč smazán po restartu: HKCU\Software\isMiner
[#] Klíč smazán po restartu: HKCU\Software\deskapp
[-] Klíč smazán: HKLM\SOFTWARE\Elex-tech
[-] Klíč smazán: HKLM\SOFTWARE\Jawego
[-] Klíč smazán: HKLM\SOFTWARE\PC Clean Plus
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\msServer
[-] Klíč smazán: HKLM\SOFTWARE\ourluckysitesSoftware
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\Host App Service
[#] Klíč smazán po restartu: [x64] HKCU\Software\AutoTime
[#] Klíč smazán po restartu: [x64] HKCU\Software\WinSnare
[#] Klíč smazán po restartu: [x64] HKCU\Software\WiperSoft
[#] Klíč smazán po restartu: [x64] HKCU\Software\isMiner
[#] Klíč smazán po restartu: [x64] HKCU\Software\deskapp
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data obnovena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Klíč smazán: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [18048 Bajty] - [05/05/2017 23:02:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [19582 Bajty] - [05/05/2017 22:54:04]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18196 Bajty] ##########
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlkit
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlmon
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafekrnlr3
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\isafeservice
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\googlechromeupservice
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARER
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNAREA
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNAREA
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.AABroker
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.Messenger
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.AABroker
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon.AmazonAssistant.Messenger
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Klíč smazán: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Klíč smazán: HKU\.DEFAULT\Software\UpgSvr
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Installer
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Host App Service
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\AutoTime
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\WinSnare
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\WiperSoft
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\isMiner
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\deskapp
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[#] Klíč smazán po restartu: HKU\S-1-5-18\Software\UpgSvr
[#] Klíč smazán po restartu: HKCU\Software\Installer
[#] Klíč smazán po restartu: HKCU\Software\Host App Service
[#] Klíč smazán po restartu: HKCU\Software\AutoTime
[#] Klíč smazán po restartu: HKCU\Software\WinSnare
[#] Klíč smazán po restartu: HKCU\Software\WiperSoft
[#] Klíč smazán po restartu: HKCU\Software\isMiner
[#] Klíč smazán po restartu: HKCU\Software\deskapp
[-] Klíč smazán: HKLM\SOFTWARE\Elex-tech
[-] Klíč smazán: HKLM\SOFTWARE\Jawego
[-] Klíč smazán: HKLM\SOFTWARE\PC Clean Plus
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\msServer
[-] Klíč smazán: HKLM\SOFTWARE\ourluckysitesSoftware
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Installer
[#] Klíč smazán po restartu: [x64] HKCU\Software\Host App Service
[#] Klíč smazán po restartu: [x64] HKCU\Software\AutoTime
[#] Klíč smazán po restartu: [x64] HKCU\Software\WinSnare
[#] Klíč smazán po restartu: [x64] HKCU\Software\WiperSoft
[#] Klíč smazán po restartu: [x64] HKCU\Software\isMiner
[#] Klíč smazán po restartu: [x64] HKCU\Software\deskapp
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Klíč smazán: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
[-] Data obnovena: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Data obnovena: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Klíč smazán: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [18048 Bajty] - [05/05/2017 23:02:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [19582 Bajty] - [05/05/2017 22:54:04]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18196 Bajty] ##########
- Rudy
- Site Admin
- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log
Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by mvece (administrator) on LAPTOP-9AP0CRJG (06-05-2017 20:48:20)
Running from C:\Users\mvece\Desktop
Loaded Profiles: mvece (Available Profiles: mvece)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msoia.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Akamai Technologies, Inc.) C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
(Akamai Technologies, Inc.) C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\SDK\CM_LibraryIO.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(forum.viry.cz) C:\Users\mvece\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [BloodyTonemaker] => C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe [8473088 2016-03-02] ()
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Akamai NetSession Interface] => C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [background_fault] => C:\Users\mvece\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {0681c056-3eb7-11e6-9bda-54ab3a5b02bd} - "E:\autorun.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {6d009eb4-4da9-11e6-9bdf-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {ed3d016b-0198-11e7-9c15-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{882d1620-1b3f-4343-9635-a1d107255070}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d0354b49-1f4d-4b6d-b460-fab0df96bfd9}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {5CBAD2B1-0E2A-4062-A23B-5323D343F686} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 46TAE46TAE
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE"
CHR Profile: C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default [2017-05-05]
CHR Extension: (Prezentace Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (BetterTTV) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-05-05]
CHR Extension: (Dokumenty Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Disk Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Zhasnout světla) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-05-05]
CHR Extension: (YouTube) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-15]
CHR Extension: (Avast SafePrice) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-15]
CHR Extension: (Tabulky Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (Vysor) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-02-11]
CHR Extension: (AdBlock) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Avast Online Security) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Morpheon Dark) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-01-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [102064 2017-02-28] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-05] (windows) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-07] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-07] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-17] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R2 WANARE; C:\Users\mvece\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-07-13] (Wondershare)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-05-05] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R3 CMUAC; C:\WINDOWS\system32\DRIVERS\Headset6400x1.SYS [387072 2013-10-03] (A4Tech Inc.)
R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-07] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-05] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
U2 WinSnare; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 20:48 - 2017-05-06 20:48 - 00030784 _____ C:\Users\mvece\Desktop\FRST.txt
2017-05-06 20:48 - 2017-05-06 20:48 - 00000000 ____D C:\Users\mvece\Desktop\FRST-OlderVersion
2017-05-06 20:46 - 2017-05-06 20:46 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-05-06 13:01 - 2017-05-06 13:01 - 00000044 _____ C:\Users\mvece\Desktop\TS.txt
2017-05-06 12:57 - 2017-05-06 13:00 - 00000000 ____D C:\Users\mvece\AppData\Roaming\TS3Client
2017-05-06 12:57 - 2017-05-06 12:57 - 00000000 ____D C:\Users\mvece\.TeamSpeak 3
2017-05-06 12:57 - 2017-05-06 12:57 - 00000000 ____D C:\Users\mvece\.QtWebEngineProcess
2017-05-06 12:56 - 2017-05-06 12:56 - 00001284 _____ C:\Users\mvece\Desktop\TeamSpeak 3 Client.lnk
2017-05-06 12:56 - 2017-05-06 12:56 - 00001242 _____ C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-05-06 12:56 - 2017-05-06 12:56 - 00000000 ____D C:\Users\mvece\AppData\Local\TeamSpeak 3 Client
2017-05-06 12:53 - 2017-05-06 12:55 - 77604984 _____ (TeamSpeak Systems GmbH) C:\Users\mvece\Desktop\TeamSpeak3-Client-win64-3.1.4.exe
2017-05-05 23:30 - 2017-05-05 23:30 - 00018491 _____ C:\Users\mvece\Desktop\AdwCleaner[C0].txt
2017-05-05 23:07 - 2017-05-05 23:07 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-05 22:47 - 2017-05-05 23:02 - 00000000 ____D C:\AdwCleaner
2017-05-05 22:47 - 2017-05-05 22:47 - 04102600 _____ C:\Users\mvece\Desktop\adwcleaner_6.046.exe
2017-05-05 20:35 - 2017-05-06 20:48 - 02429440 _____ (Farbar) C:\Users\mvece\Desktop\FRST64.exe
2017-05-05 20:35 - 2017-05-05 20:37 - 00000000 ____D C:\FRST
2017-05-05 14:34 - 2017-05-05 14:34 - 00000000 ____D C:\Program Files (x86)\{9F11ACC5-3A36-4AED-AEFF-3E4DBBC7D3AA}
2017-05-05 14:20 - 2017-05-05 14:20 - 100371107 _____ C:\Users\mvece\Desktop\VID_20160709_114705.mp4
2017-05-05 12:15 - 2017-05-05 12:33 - 1968676084 _____ C:\Users\mvece\Desktop\Allegiant.2016.1080p.BluRay.AAC-RARBG.mp4.mp4
2017-05-05 12:13 - 2017-05-05 12:13 - 00068815 _____ C:\Users\mvece\Desktop\Allegiant(0000274557).srt
2017-05-05 11:53 - 2017-05-05 14:34 - 00000000 ____D C:\Users\mvece\AppData\Local\WANARE
2017-05-05 11:53 - 2017-05-05 11:53 - 00000000 ____D C:\ProgramData\BIT
2017-05-04 23:02 - 2017-05-04 23:02 - 00003264 _____ C:\WINDOWS\System32\Tasks\{B63C7928-8EC8-43B7-8682-74EC6F4549C7}
2017-05-04 22:13 - 2017-05-04 22:13 - 06751872 _____ (ESET spol. s r.o.) C:\Users\mvece\Desktop\esetonlinescanner_csy.exe
2017-05-04 22:13 - 2017-05-04 22:13 - 00000000 ____D C:\Users\mvece\AppData\Local\ESET
2017-05-04 10:10 - 2017-05-05 10:47 - 00000000 ____D C:\Users\mvece\AppData\Local\background_fault
2017-05-03 13:36 - 2017-05-05 10:49 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-03 10:29 - 2017-05-05 23:04 - 00000000 ____D C:\Program Files (x86)\{45D796CE-C2C5-45D5-A411-468FE7316A06}
2017-05-02 19:23 - 2017-05-02 19:23 - 00000752 _____ C:\Users\mvece\Downloads\Plocha – zástupce (2).lnk
2017-05-01 11:35 - 2017-05-01 11:35 - 00000000 ____D C:\ProgramData\HP
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\HPPSDr
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-28 19:54 - 2017-04-28 19:54 - 00000843 _____ C:\Users\mvece\Desktop\Filmy – zástupce.lnk
2017-04-28 19:53 - 2017-04-28 19:53 - 00000738 _____ C:\Users\mvece\Documents\Hudba – zástupce.lnk
2017-04-28 19:51 - 2017-04-28 19:51 - 00000000 ____D C:\Users\mvece\Documents\Náramky
2017-04-28 19:48 - 2017-05-05 23:04 - 00000000 ____D C:\Program Files (x86)\{D4643B4E-5211-47F6-9067-44D655B96362}
2017-04-28 19:48 - 2017-05-05 23:04 - 00000000 ____D C:\Alitkojck
2017-04-28 19:47 - 2017-04-28 19:50 - 00000000 ____D C:\Users\mvece\Documents\Yoyo
2017-04-28 19:45 - 2017-04-28 19:46 - 00000000 ____D C:\Users\mvece\Documents\Zápisy - mix
2017-04-26 15:47 - 2017-05-02 14:28 - 00000003 _____ C:\WINDOWS\SysWOW64\f_z
2017-04-26 15:20 - 2017-05-05 23:04 - 00000000 ____D C:\Program Files (x86)\{1463B1FE-2E1E-4B57-A2CD-290C28B2A1C3}
2017-04-26 15:20 - 2017-05-05 14:34 - 00000000 ____D C:\Insist
2017-04-26 15:20 - 2017-04-26 15:20 - 00000000 ____D C:\WINDOWS\psgo
2017-04-21 12:02 - 2017-05-05 10:51 - 00000000 ____D C:\Program Files (x86)\AlphaGo
2017-04-20 10:45 - 2017-04-20 10:45 - 00000000 ____D C:\Program Files (x86)\{23CB7CB0-5D92-48D8-997E-6C19F34492A5}
2017-04-19 14:44 - 2017-05-05 23:04 - 00000000 ____D C:\Users\mvece\AppData\Local\3DM
2017-04-18 16:09 - 2017-05-05 23:02 - 00000000 ____D C:\WINDOWS\Update
2017-04-18 16:09 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CE4F718F-B2FA-4D99-B47F-54F7A0139FCB}
2017-04-17 15:39 - 2017-04-26 18:27 - 00001271 _____ C:\Users\mvece\Desktop\nativelog.txt
2017-04-14 18:49 - 2017-04-14 18:49 - 00029976 _____ C:\ProgramData\agent.update.1492188567.bdinstall.bin
2017-04-14 17:34 - 2017-04-14 17:35 - 01380712 _____ C:\Users\mvece\Downloads\facerig.exe
2017-04-14 17:33 - 2017-04-14 17:33 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-14 17:31 - 2017-05-06 20:46 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-14 17:31 - 2017-04-14 17:31 - 00046965 _____ C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 09:15 - 2017-04-14 09:15 - 00000000 ____D C:\Program Files (x86)\Terela
2017-04-13 14:34 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CAB9AC0F-80E9-4A92-BE41-921BF7B12597}
2017-04-11 14:34 - 2017-04-11 14:34 - 00000000 ____D C:\Program Files (x86)\{AD7FC7E6-2854-40D0-80FD-272815073C63}
2017-04-11 10:13 - 2017-04-11 10:13 - 00000000 ____D C:\Program Files (x86)\{E1687BCE-5097-4EAB-948C-0424E6F6907C}
2017-04-10 16:17 - 2017-04-10 16:17 - 00001120 _____ C:\Users\mvece\Desktop\Herbář – zástupce.lnk
2017-04-07 17:16 - 2017-05-05 23:02 - 00000000 ____D C:\Users\mvece\AppData\Local\AMD
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 20:46 - 2017-01-12 22:42 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 20:46 - 2016-06-13 18:38 - 00000000 __SHD C:\Users\mvece\IntelGraphicsProfiles
2017-05-06 14:04 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 13:36 - 2016-08-09 11:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 12:57 - 2016-08-09 11:52 - 00000000 ____D C:\Users\mvece
2017-05-06 06:11 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-06 05:50 - 2017-02-03 17:49 - 00000000 ____D C:\Users\mvece\AppData\Local\Adobe
2017-05-06 05:41 - 2016-08-09 12:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-06 05:41 - 2016-08-09 11:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-05 23:14 - 2017-03-13 22:04 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-05-05 23:14 - 2017-03-13 22:04 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-05-05 23:03 - 2016-07-16 08:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-05 23:02 - 2017-03-30 14:43 - 00000000 ____D C:\Update
2017-05-05 23:02 - 2017-03-13 19:31 - 00000000 ____D C:\WINDOWS\system32\log
2017-05-05 22:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-05 22:46 - 2016-06-13 19:03 - 00000000 ____D C:\Users\mvece\AppData\Roaming\vlc
2017-05-05 20:25 - 2016-06-13 18:54 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-05 17:39 - 2017-03-11 09:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Lifoykuqucult
2017-05-05 14:22 - 2015-08-31 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-05 14:19 - 2017-04-05 11:42 - 00000000 ____D C:\Program Files (x86)\WINSNARE(4.4.6)
2017-05-05 11:35 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-05 10:49 - 2017-03-13 19:30 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-04 22:48 - 2017-04-05 14:43 - 00000000 ____D C:\ProgramData\Autodesk
2017-05-04 22:05 - 2017-04-02 10:40 - 00000000 ____D C:\Program Files\MK
2017-05-04 10:11 - 2017-03-13 19:30 - 00000000 ____D C:\Users\mvece\AppData\LocalLow\Mozilla
2017-05-04 09:10 - 2016-11-10 17:34 - 00000000 ____D C:\Users\mvece\AppData\Local\Microsoft Help
2017-05-03 10:25 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\VirtualStore
2017-05-02 08:56 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\Packages
2017-04-29 22:20 - 2016-08-09 12:03 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 22:20 - 2016-08-09 12:03 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 19:52 - 2016-09-29 19:00 - 00000000 ____D C:\Users\mvece\Documents\Škola
2017-04-28 19:50 - 2017-01-20 21:12 - 00000000 ____D C:\Users\mvece\Documents\Stronghold Crusader 2
2017-04-27 20:34 - 2016-06-14 18:19 - 00000000 ____D C:\Users\mvece\AppData\Local\CrashDumps
2017-04-26 18:27 - 2016-06-13 19:16 - 00000000 ____D C:\Users\mvece\AppData\Roaming\.minecraft
2017-04-23 18:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-22 12:46 - 2017-03-13 22:04 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-22 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-18 16:13 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 16:10 - 2016-11-10 17:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-18 16:05 - 2016-12-17 12:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-18 16:05 - 2016-06-13 18:41 - 00002391 _____ C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-18 16:05 - 2016-06-13 18:41 - 00000000 ___RD C:\Users\mvece\OneDrive
2017-04-16 14:37 - 2016-06-13 19:16 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-14 19:12 - 2017-03-16 21:14 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-14 19:12 - 2016-06-14 18:51 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 19:44 - 2017-03-14 10:41 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-04-07 17:58 - 2017-03-11 10:48 - 00000815 _____ C:\Users\mvece\Desktop\WiperSoft.lnk
==================== Files in the root of some directories =======
2016-11-12 18:09 - 2016-11-12 18:09 - 0003584 _____ () C:\Users\mvece\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-11 13:25 - 2017-03-11 13:25 - 0047410 _____ () C:\ProgramData\agent.1489231515.bdinstall.bin
2017-03-11 16:04 - 2017-03-11 16:04 - 0028755 _____ () C:\ProgramData\agent.1489240941.bdinstall.bin
2017-03-13 22:43 - 2017-03-13 22:43 - 0029157 _____ () C:\ProgramData\agent.1489437816.bdinstall.bin
2017-04-14 17:31 - 2017-04-14 17:31 - 0046965 _____ () C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 18:49 - 2017-04-14 18:49 - 0029976 _____ () C:\ProgramData\agent.update.1492188567.bdinstall.bin
2016-08-09 11:48 - 2016-08-09 11:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
Some files in TEMP:
====================
2017-04-05 15:01 - 2016-02-23 08:30 - 0021952 _____ (Autodesk, Inc.) C:\Users\mvece\AppData\Local\Temp\AcDeltree.exe
2017-05-04 22:45 - 2017-05-04 22:48 - 2398688 _____ (Flexera Software LLC) C:\Users\mvece\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-04-16 10:34 - 2017-04-16 10:35 - 59080608 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\oct18D3.tmp.exe
2017-03-13 22:01 - 2017-03-13 22:02 - 38421056 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octA013.tmp.exe
2017-04-16 10:38 - 2017-04-16 10:39 - 58523032 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octD175.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\mvece\Desktop" je 2070 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by mvece (administrator) on LAPTOP-9AP0CRJG (06-05-2017 20:48:20)
Running from C:\Users\mvece\Desktop
Loaded Profiles: mvece (Available Profiles: mvece)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msoia.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.675.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Akamai Technologies, Inc.) C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
(Akamai Technologies, Inc.) C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\mshta.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\SDK\CM_LibraryIO.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(forum.viry.cz) C:\Users\mvece\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [BloodyTonemaker] => C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe [8473088 2016-03-02] ()
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Akamai NetSession Interface] => C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [background_fault] => C:\Users\mvece\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {0681c056-3eb7-11e6-9bda-54ab3a5b02bd} - "E:\autorun.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {6d009eb4-4da9-11e6-9bdf-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {ed3d016b-0198-11e7-9c15-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{882d1620-1b3f-4343-9635-a1d107255070}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d0354b49-1f4d-4b6d-b460-fab0df96bfd9}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {5CBAD2B1-0E2A-4062-A23B-5323D343F686} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-03-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> hxxp://www.startpageing123.com/?type=hp&ts=148 ... 46TAE46TAE
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE"
CHR Profile: C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default [2017-05-05]
CHR Extension: (Prezentace Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (BetterTTV) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-05-05]
CHR Extension: (Dokumenty Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Disk Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Zhasnout světla) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-05-05]
CHR Extension: (YouTube) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Adblock Plus) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-15]
CHR Extension: (Avast SafePrice) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-15]
CHR Extension: (Tabulky Google) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (Vysor) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-02-11]
CHR Extension: (AdBlock) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Avast Online Security) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-15]
CHR Extension: (Morpheon Dark) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-01-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [102064 2017-02-28] ()
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-05] (windows) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe [310256 2017-02-07] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [488944 2017-02-07] (Intel Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-17] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [350704 2017-02-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R2 WANARE; C:\Users\mvece\AppData\Local\WANARE\Snare.dll [826368 2017-05-05] (InterSect Alliance Pty Ltd) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-07-13] (Wondershare)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-05-05] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R3 CMUAC; C:\WINDOWS\system32\DRIVERS\Headset6400x1.SYS [387072 2013-10-03] (A4Tech Inc.)
R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys [11041776 2017-02-07] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-05] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
U2 WinSnare; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 20:48 - 2017-05-06 20:48 - 00030784 _____ C:\Users\mvece\Desktop\FRST.txt
2017-05-06 20:48 - 2017-05-06 20:48 - 00000000 ____D C:\Users\mvece\Desktop\FRST-OlderVersion
2017-05-06 20:46 - 2017-05-06 20:46 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-05-06 13:01 - 2017-05-06 13:01 - 00000044 _____ C:\Users\mvece\Desktop\TS.txt
2017-05-06 12:57 - 2017-05-06 13:00 - 00000000 ____D C:\Users\mvece\AppData\Roaming\TS3Client
2017-05-06 12:57 - 2017-05-06 12:57 - 00000000 ____D C:\Users\mvece\.TeamSpeak 3
2017-05-06 12:57 - 2017-05-06 12:57 - 00000000 ____D C:\Users\mvece\.QtWebEngineProcess
2017-05-06 12:56 - 2017-05-06 12:56 - 00001284 _____ C:\Users\mvece\Desktop\TeamSpeak 3 Client.lnk
2017-05-06 12:56 - 2017-05-06 12:56 - 00001242 _____ C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2017-05-06 12:56 - 2017-05-06 12:56 - 00000000 ____D C:\Users\mvece\AppData\Local\TeamSpeak 3 Client
2017-05-06 12:53 - 2017-05-06 12:55 - 77604984 _____ (TeamSpeak Systems GmbH) C:\Users\mvece\Desktop\TeamSpeak3-Client-win64-3.1.4.exe
2017-05-05 23:30 - 2017-05-05 23:30 - 00018491 _____ C:\Users\mvece\Desktop\AdwCleaner[C0].txt
2017-05-05 23:07 - 2017-05-05 23:07 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-05 22:47 - 2017-05-05 23:02 - 00000000 ____D C:\AdwCleaner
2017-05-05 22:47 - 2017-05-05 22:47 - 04102600 _____ C:\Users\mvece\Desktop\adwcleaner_6.046.exe
2017-05-05 20:35 - 2017-05-06 20:48 - 02429440 _____ (Farbar) C:\Users\mvece\Desktop\FRST64.exe
2017-05-05 20:35 - 2017-05-05 20:37 - 00000000 ____D C:\FRST
2017-05-05 14:34 - 2017-05-05 14:34 - 00000000 ____D C:\Program Files (x86)\{9F11ACC5-3A36-4AED-AEFF-3E4DBBC7D3AA}
2017-05-05 14:20 - 2017-05-05 14:20 - 100371107 _____ C:\Users\mvece\Desktop\VID_20160709_114705.mp4
2017-05-05 12:15 - 2017-05-05 12:33 - 1968676084 _____ C:\Users\mvece\Desktop\Allegiant.2016.1080p.BluRay.AAC-RARBG.mp4.mp4
2017-05-05 12:13 - 2017-05-05 12:13 - 00068815 _____ C:\Users\mvece\Desktop\Allegiant(0000274557).srt
2017-05-05 11:53 - 2017-05-05 14:34 - 00000000 ____D C:\Users\mvece\AppData\Local\WANARE
2017-05-05 11:53 - 2017-05-05 11:53 - 00000000 ____D C:\ProgramData\BIT
2017-05-04 23:02 - 2017-05-04 23:02 - 00003264 _____ C:\WINDOWS\System32\Tasks\{B63C7928-8EC8-43B7-8682-74EC6F4549C7}
2017-05-04 22:13 - 2017-05-04 22:13 - 06751872 _____ (ESET spol. s r.o.) C:\Users\mvece\Desktop\esetonlinescanner_csy.exe
2017-05-04 22:13 - 2017-05-04 22:13 - 00000000 ____D C:\Users\mvece\AppData\Local\ESET
2017-05-04 10:10 - 2017-05-05 10:47 - 00000000 ____D C:\Users\mvece\AppData\Local\background_fault
2017-05-03 13:36 - 2017-05-05 10:49 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-03 10:29 - 2017-05-05 23:04 - 00000000 ____D C:\Program Files (x86)\{45D796CE-C2C5-45D5-A411-468FE7316A06}
2017-05-02 19:23 - 2017-05-02 19:23 - 00000752 _____ C:\Users\mvece\Downloads\Plocha – zástupce (2).lnk
2017-05-01 11:35 - 2017-05-01 11:35 - 00000000 ____D C:\ProgramData\HP
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\HPPSDr
2017-05-01 11:34 - 2017-05-01 11:34 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-28 19:54 - 2017-04-28 19:54 - 00000843 _____ C:\Users\mvece\Desktop\Filmy – zástupce.lnk
2017-04-28 19:53 - 2017-04-28 19:53 - 00000738 _____ C:\Users\mvece\Documents\Hudba – zástupce.lnk
2017-04-28 19:51 - 2017-04-28 19:51 - 00000000 ____D C:\Users\mvece\Documents\Náramky
2017-04-28 19:48 - 2017-05-05 23:04 - 00000000 ____D C:\Program Files (x86)\{D4643B4E-5211-47F6-9067-44D655B96362}
2017-04-28 19:48 - 2017-05-05 23:04 - 00000000 ____D C:\Alitkojck
2017-04-28 19:47 - 2017-04-28 19:50 - 00000000 ____D C:\Users\mvece\Documents\Yoyo
2017-04-28 19:45 - 2017-04-28 19:46 - 00000000 ____D C:\Users\mvece\Documents\Zápisy - mix
2017-04-26 15:47 - 2017-05-02 14:28 - 00000003 _____ C:\WINDOWS\SysWOW64\f_z
2017-04-26 15:20 - 2017-05-05 23:04 - 00000000 ____D C:\Program Files (x86)\{1463B1FE-2E1E-4B57-A2CD-290C28B2A1C3}
2017-04-26 15:20 - 2017-05-05 14:34 - 00000000 ____D C:\Insist
2017-04-26 15:20 - 2017-04-26 15:20 - 00000000 ____D C:\WINDOWS\psgo
2017-04-21 12:02 - 2017-05-05 10:51 - 00000000 ____D C:\Program Files (x86)\AlphaGo
2017-04-20 10:45 - 2017-04-20 10:45 - 00000000 ____D C:\Program Files (x86)\{23CB7CB0-5D92-48D8-997E-6C19F34492A5}
2017-04-19 14:44 - 2017-05-05 23:04 - 00000000 ____D C:\Users\mvece\AppData\Local\3DM
2017-04-18 16:09 - 2017-05-05 23:02 - 00000000 ____D C:\WINDOWS\Update
2017-04-18 16:09 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CE4F718F-B2FA-4D99-B47F-54F7A0139FCB}
2017-04-17 15:39 - 2017-04-26 18:27 - 00001271 _____ C:\Users\mvece\Desktop\nativelog.txt
2017-04-14 18:49 - 2017-04-14 18:49 - 00029976 _____ C:\ProgramData\agent.update.1492188567.bdinstall.bin
2017-04-14 17:34 - 2017-04-14 17:35 - 01380712 _____ C:\Users\mvece\Downloads\facerig.exe
2017-04-14 17:33 - 2017-04-14 17:33 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-14 17:31 - 2017-05-06 20:46 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-14 17:31 - 2017-04-14 17:31 - 00046965 _____ C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 09:15 - 2017-04-14 09:15 - 00000000 ____D C:\Program Files (x86)\Terela
2017-04-13 14:34 - 2017-04-22 12:36 - 00000000 ____D C:\Program Files (x86)\{CAB9AC0F-80E9-4A92-BE41-921BF7B12597}
2017-04-11 14:34 - 2017-04-11 14:34 - 00000000 ____D C:\Program Files (x86)\{AD7FC7E6-2854-40D0-80FD-272815073C63}
2017-04-11 10:13 - 2017-04-11 10:13 - 00000000 ____D C:\Program Files (x86)\{E1687BCE-5097-4EAB-948C-0424E6F6907C}
2017-04-10 16:17 - 2017-04-10 16:17 - 00001120 _____ C:\Users\mvece\Desktop\Herbář – zástupce.lnk
2017-04-07 17:16 - 2017-05-05 23:02 - 00000000 ____D C:\Users\mvece\AppData\Local\AMD
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 20:46 - 2017-01-12 22:42 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-06 20:46 - 2016-06-13 18:38 - 00000000 __SHD C:\Users\mvece\IntelGraphicsProfiles
2017-05-06 14:04 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 13:36 - 2016-08-09 11:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 12:57 - 2016-08-09 11:52 - 00000000 ____D C:\Users\mvece
2017-05-06 06:11 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-06 05:50 - 2017-02-03 17:49 - 00000000 ____D C:\Users\mvece\AppData\Local\Adobe
2017-05-06 05:41 - 2016-08-09 12:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-06 05:41 - 2016-08-09 11:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-05 23:14 - 2017-03-13 22:04 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-05-05 23:14 - 2017-03-13 22:04 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2017-05-05 23:03 - 2016-07-16 08:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-05 23:02 - 2017-03-30 14:43 - 00000000 ____D C:\Update
2017-05-05 23:02 - 2017-03-13 19:31 - 00000000 ____D C:\WINDOWS\system32\log
2017-05-05 22:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-05 22:46 - 2016-06-13 19:03 - 00000000 ____D C:\Users\mvece\AppData\Roaming\vlc
2017-05-05 20:25 - 2016-06-13 18:54 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-05 17:39 - 2017-03-11 09:34 - 00000000 ____D C:\Users\mvece\AppData\Roaming\Lifoykuqucult
2017-05-05 14:22 - 2015-08-31 12:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-05-05 14:19 - 2017-04-05 11:42 - 00000000 ____D C:\Program Files (x86)\WINSNARE(4.4.6)
2017-05-05 11:35 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-05 10:49 - 2017-03-13 19:30 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-04 22:48 - 2017-04-05 14:43 - 00000000 ____D C:\ProgramData\Autodesk
2017-05-04 22:05 - 2017-04-02 10:40 - 00000000 ____D C:\Program Files\MK
2017-05-04 10:11 - 2017-03-13 19:30 - 00000000 ____D C:\Users\mvece\AppData\LocalLow\Mozilla
2017-05-04 09:10 - 2016-11-10 17:34 - 00000000 ____D C:\Users\mvece\AppData\Local\Microsoft Help
2017-05-03 10:25 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\VirtualStore
2017-05-02 08:56 - 2016-06-13 18:38 - 00000000 ____D C:\Users\mvece\AppData\Local\Packages
2017-04-29 22:20 - 2016-08-09 12:03 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 22:20 - 2016-08-09 12:03 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-28 19:52 - 2016-09-29 19:00 - 00000000 ____D C:\Users\mvece\Documents\Škola
2017-04-28 19:50 - 2017-01-20 21:12 - 00000000 ____D C:\Users\mvece\Documents\Stronghold Crusader 2
2017-04-27 20:34 - 2016-06-14 18:19 - 00000000 ____D C:\Users\mvece\AppData\Local\CrashDumps
2017-04-26 18:27 - 2016-06-13 19:16 - 00000000 ____D C:\Users\mvece\AppData\Roaming\.minecraft
2017-04-23 18:31 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-22 12:46 - 2017-03-13 22:04 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-22 11:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-18 16:13 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 16:10 - 2016-11-10 17:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-18 16:05 - 2016-12-17 12:34 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-18 16:05 - 2016-06-13 18:41 - 00002391 _____ C:\Users\mvece\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-18 16:05 - 2016-06-13 18:41 - 00000000 ___RD C:\Users\mvece\OneDrive
2017-04-16 14:37 - 2016-06-13 19:16 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-14 19:12 - 2017-03-16 21:14 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-04-14 19:12 - 2016-06-14 18:51 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 19:44 - 2017-03-14 10:41 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-04-07 17:58 - 2017-03-11 10:48 - 00000815 _____ C:\Users\mvece\Desktop\WiperSoft.lnk
==================== Files in the root of some directories =======
2016-11-12 18:09 - 2016-11-12 18:09 - 0003584 _____ () C:\Users\mvece\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-11 13:25 - 2017-03-11 13:25 - 0047410 _____ () C:\ProgramData\agent.1489231515.bdinstall.bin
2017-03-11 16:04 - 2017-03-11 16:04 - 0028755 _____ () C:\ProgramData\agent.1489240941.bdinstall.bin
2017-03-13 22:43 - 2017-03-13 22:43 - 0029157 _____ () C:\ProgramData\agent.1489437816.bdinstall.bin
2017-04-14 17:31 - 2017-04-14 17:31 - 0046965 _____ () C:\ProgramData\agent.1492183867.bdinstall.bin
2017-04-14 18:49 - 2017-04-14 18:49 - 0029976 _____ () C:\ProgramData\agent.update.1492188567.bdinstall.bin
2016-08-09 11:48 - 2016-08-09 11:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
Some files in TEMP:
====================
2017-04-05 15:01 - 2016-02-23 08:30 - 0021952 _____ (Autodesk, Inc.) C:\Users\mvece\AppData\Local\Temp\AcDeltree.exe
2017-05-04 22:45 - 2017-05-04 22:48 - 2398688 _____ (Flexera Software LLC) C:\Users\mvece\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2017-04-16 10:34 - 2017-04-16 10:35 - 59080608 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\oct18D3.tmp.exe
2017-03-13 22:01 - 2017-03-13 22:02 - 38421056 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octA013.tmp.exe
2017-04-16 10:38 - 2017-04-16 10:39 - 58523032 _____ (SweetLabs,Inc.) C:\Users\mvece\AppData\Local\Temp\octD175.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\mvece\Desktop" je 2070 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119670
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log
Open Notepad and copy into it:
From the log:
Start
C:\Users\mvece\AppData\Local\Akamai
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Akamai NetSession Interface] => C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [background_fault] => C:\Users\mvece\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {0681c056-3eb7-11e6-9bda-54ab3a5b02bd} - "E:\autorun.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {6d009eb4-4da9-11e6-9bdf-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {ed3d016b-0198-11e7-9c15-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {5CBAD2B1-0E2A-4062-A23B-5323D343F686} URL =
Edge HomeButtonPage: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> hxxp://www.startpageing123.com/?type=hp ... 46TAE46TAE
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&t ... 46TAE46TAE
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE"
CHR Extension: (Vysor) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-02-11]
U1 aswbdisk; no ImagePath
U2 WinSnare; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\mvece\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\DP45977C.lfl
C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
c:\Users\mvece\AppData\Local\Temp
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
From the log:
Velikost slozky "C:\Users\mvece\Desktop" je 2070 MB.
That is too much and can slow down system startup. In C:\Users\mvece, create a new folder and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.
Re: Please check my log
The fix did not solve the problem of Internet Explorer opening on its own - right after startup, 16 windows opened, again with the same address "res://aaResources.dll/104" and the message "this page can't be displayed" (check that the web address is correct, etc.). Just as before, once I close the windows, one appears again, I close it, another appears... For now I deal with it by minimizing IE, otherwise it keeps popping up.
Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by mvece (07-05-2017 12:16:11) Run:1
Running from C:\Users\mvece\Desktop
Loaded Profiles: mvece (Available Profiles: mvece)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
C:\Users\mvece\AppData\Local\Akamai
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [Akamai NetSession Interface] => C:\Users\mvece\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\Run: [background_fault] => C:\Users\mvece\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== ATTENTION
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {0681c056-3eb7-11e6-9bda-54ab3a5b02bd} - "E:\autorun.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {6d009eb4-4da9-11e6-9bdf-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\...\MountPoints2: {ed3d016b-0198-11e7-9c15-54ab3a5b02bd} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> {5CBAD2B1-0E2A-4062-A23B-5323D343F686} URL =
Edge HomeButtonPage: HKU\S-1-5-21-766364282-3761836419-1956407605-1001 -> hxxp://www.startpageing123.com/?type=hp ... 46TAE46TAE
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&t ... 46TAE46TAE
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=14911 ... 46TAE46TAE"
CHR Extension: (Vysor) - C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-02-11]
U1 aswbdisk; no ImagePath
U2 WinSnare; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\mvece\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\DP45977C.lfl
C:\Users\mvece\AppData\Local\background_fault\aswRD.exe
c:\Users\mvece\AppData\Local\Temp
EmptyTemp:
End
*****************
"C:\Users\mvece\AppData\Local\Akamai" folder move:
Could not move "C:\Users\mvece\AppData\Local\Akamai" => Scheduled to move on reboot.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Microsoft\Windows\CurrentVersion\Run\\background_fault => value removed successfully
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0681c056-3eb7-11e6-9bda-54ab3a5b02bd} => key removed successfully
HKCR\CLSID\{0681c056-3eb7-11e6-9bda-54ab3a5b02bd} => key not found.
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d009eb4-4da9-11e6-9bdf-54ab3a5b02bd} => key removed successfully
HKCR\CLSID\{6d009eb4-4da9-11e6-9bdf-54ab3a5b02bd} => key not found.
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed3d016b-0198-11e7-9c15-54ab3a5b02bd} => key removed successfully
HKCR\CLSID\{ed3d016b-0198-11e7-9c15-54ab3a5b02bd} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CBAD2B1-0E2A-4062-A23B-5323D343F686} => key removed successfully
HKCR\CLSID\{5CBAD2B1-0E2A-4062-A23B-5323D343F686} => key not found.
HKU\S-1-5-21-766364282-3761836419-1956407605-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm => moved successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\WinSnare => key removed successfully
WinSnare => service removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\mvece\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\Users\mvece\AppData\Local\background_fault\aswRD.exe => moved successfully
"c:\Users\mvece\AppData\Local\Temp" folder move:
Could not move "c:\Users\mvece\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 73822458 B
Java, Flash, Steam htmlcache => 25038196 B
Windows/system/drivers => 239301377 B
Edge => 22066144 B
Chrome => 413740897 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 16052224 B
systemprofile32 => 89718921 B
LocalService => 24482 B
NetworkService => 0 B
mvece => 2757099062 B
RecycleBin => 2539893155 B
EmptyTemp: => 5.8 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-05-2017 12:25:52)
C:\Users\mvece\AppData\Local\Akamai => Is moved successfully
C:\ProgramData\DP45977C.lfl => Is moved successfully
c:\Users\mvece\AppData\Local\Temp => moved successfully
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
==== End of Fixlog 12:25:58 ====
Re: Please check my log
And also, after I close those initial windows, this error message pops up (see attachment). Sometimes several of them appear at once.
- Attachments
- ChybaSkriptu.PNG (20.9 KiB)
- Rudy
- Site Admin

Re: Please check my log
OK. Let's try cleaning the browsers. Run these utilities one after another:
1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop
If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.
and
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the license terms are displayed; press any key
•A backup is created, followed by a scan
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.
Re: Please check my log
Unfortunately, the problem with IE still persists. I am attaching the logs.
Log - Zoek:
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by mvece on 07.05.2017 at 19:21:16,34.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\mvece\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
07.05.2017 19:25:00 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\58C6D6D3_cacayima deleted successfully
C:\PROGRA~2\58CAD12B_cacayima deleted successfully
C:\PROGRA~2\AlphaGo deleted successfully
C:\PROGRA~2\Terela deleted successfully
C:\PROGRA~2\{1463B1FE-2E1E-4B57-A2CD-290C28B2A1C3} deleted successfully
C:\PROGRA~2\{45D796CE-C2C5-45D5-A411-468FE7316A06} deleted successfully
C:\PROGRA~2\{9E3A7A0F-BEFF-47BD-AED8-7773FBB09459} deleted successfully
C:\PROGRA~2\{CAB9AC0F-80E9-4A92-BE41-921BF7B12597} deleted successfully
C:\PROGRA~2\{CE4F718F-B2FA-4D99-B47F-54F7A0139FCB} deleted successfully
C:\PROGRA~2\{D4643B4E-5211-47F6-9067-44D655B96362} deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\HiSuiteOuc deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\mvece\AppData\Local\3DM deleted successfully
C:\Users\mvece\AppData\Local\ActiveSync deleted successfully
C:\Users\mvece\AppData\Local\AMD deleted successfully
C:\Users\mvece\AppData\Local\Gafotlpuse deleted successfully
C:\Users\mvece\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SafeZoneStable\shell\open\command]
@="C:\\Program Files\\AVAST Software\\SZBrowser\\Launcher.exe"
==== Deleting Files \ Folders ======================
C:\PROGRA~2\58C6D6D3_cacayima not found
C:\PROGRA~2\58CAD12B_cacayima not found
C:\PROGRA~2\AlphaGo not found
C:\PROGRA~2\Terela not found
C:\PROGRA~2\{1463B1FE-2E1E-4B57-A2CD-290C28B2A1C3} not found
C:\PROGRA~2\{45D796CE-C2C5-45D5-A411-468FE7316A06} not found
C:\PROGRA~2\{9E3A7A0F-BEFF-47BD-AED8-7773FBB09459} not found
C:\PROGRA~2\{CAB9AC0F-80E9-4A92-BE41-921BF7B12597} not found
C:\PROGRA~2\{CE4F718F-B2FA-4D99-B47F-54F7A0139FCB} not found
C:\PROGRA~2\{D4643B4E-5211-47F6-9067-44D655B96362} not found
"C:\WINDOWS\Installer\2cb331d6.msi" not found
C:\windows\SysNative\Tasks\Software Update Application deleted
C:\Users\mvece\.android deleted
C:\avast_free_antivirus_setup_online.exe deleted
C:\WiperSoft-installer.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\mvece\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
"C:\WINDOWS\Installer\80dfdc2.msi" deleted
"C:\PROGRA~2\Wondershare" deleted
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
BTTV - mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Avast SafePrice - mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Morpheon Dark - mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad
Chrome Media Router - mvece\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkI ... 00&pc=UE00"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkI ... 00&pc=UE00"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... 02&pc=UE04"
==== Reset Google Chrome ======================
C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Web Data.tmp was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C37FA1E28C066D428E9612BF9BB3F48 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\535C7F2E5870D2C45BF610B6DF200B01 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1AF73C7-0C82-4D66-829E-16B29FBBF384} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2F7C535-0785-4C2D-B56F-016BFD02B010} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7C37FA1E28C066D428E9612BF9BB3F48 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\535C7F2E5870D2C45BF610B6DF200B01 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default.migrated\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mvece\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mvece\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mvece\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mvece\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\mvece\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=450 folders=89 177446823 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\mvece\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 07.05.2017 at 19:56:20,30 ======================
Log - JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by mvece (Administrator) on 07.05.2017 at 20:01:21,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.05.2017 at 20:05:59,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Rudy
- Site Admin

Re: Please check my log
Try reinstalling IE.
Re: Please check my log
When I tried to uninstall IE through the Control Panel, it was not in the list of programs at all. Besides, I am not aware of ever having installed it there + I have Win 10, where Microsoft Edge is the default.
- Rudy
- Site Admin

Re: Please check my log
If you have IE there, you must have installed it into Windows 10. By default, Windows 10 really has only Edge. Reinstall procedure: https://translate.google.cz/translate?h ... rev=search .
Re: Please check my log
What I meant was that I did not install it there knowingly; I probably pulled it onto the notebook while installing another program. When I went to Control Panel -> Uninstall a program, IE was not in the list, so I at least turned it off via "Turn Windows features on or off". After the restart the IE windows did not open, but instead the error message appeared again - a script error (see above), which also cannot be closed - or rather, a new one appears immediately after closing it.
- Rudy
- Site Admin

Re: Please check my log
That is exactly why you should try reinstalling it. See the guide. It cannot be uninstalled the normal way.