
Securedisk.exe loads the CPU at 100 %. Please check the log

Posted: 29 Sep 2017 11:22
by lance
Logfile of HijackThis v1.99.1
Scan saved at 12:17:57, on 29.9.2017
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\Antivirus\AVGUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Programy\viry odstareneni\ProcessExplorer\procexp.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
D:\Programy\viry odstareneni\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{554AA74B-A3DC-4588-A4FD-1E2443390A88}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{85870302-68BA-4C77-83AA-CF9DE3203E48}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\AVGSvc.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Antivirus\aswidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - D:\Programy\CATIAA\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files\HP\Shared\hpqwmiex.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe

Re: Securedisk.exe loads the CPU at 100 %. Please check the log

Posted: 29 Sep 2017 11:57
by Rudy
Hello!
HijackThis is long past its prime. Please post an FRST log: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .

Re: Securedisk.exe loads the CPU at 100 %. Please check the log

Posted: 29 Sep 2017 12:25
by lance
Hello, I used HijackThis successfully here on viry.cz in the past, so I thought it was still valid :-)

Otherwise, I have one observation that might help:

The process simply cannot be killed while the network is on, but when I turn off the Wi-Fi and kill the Securedisk.exe process, the PC behaves normally. As soon as I reconnect to the network, though, Securedisk.exe is automatically back at 100 % CPU right away.

Here is the log from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2017 01
Ran by Doma (administrator) on RAY (29-09-2017 13:16:54)
Running from C:\Users\Doma\Desktop
Loaded Profiles: Doma (Available Profiles: Doma & Administrator)
Platform: Microsoft Windows 7 Professional (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Dassault Systemes) D:\Programy\CATIAA\intel_a\code\bin\CATSysDemon.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(PC Tools) C:\Disk\securedisk.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(forum.viry.cz) C:\Users\Doma\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2012-12-29] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-09-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-28] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {6fe578d4-58c4-11e2-add6-001e37bf6b2c} - F:\Launch.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {879ca9a0-e29e-11e3-86db-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {af5eeb80-330e-11e5-a90b-001e37bf6b2c} - G:\autorun.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {c6e9eeed-f0fd-11e2-932c-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {db941cc2-ef6b-11e2-9385-001e37bf6b2c} - G:\LGAutoRun.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-04-13]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sh4native Sh4Removalsdnclean.exe
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3222038749-3408278726-1471104988-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{554AA74B-A3DC-4588-A4FD-1E2443390A88}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{85870302-68BA-4C77-83AA-CF9DE3203E48}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{85870302-68BA-4C77-83AA-CF9DE3203E48}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: njgj5f3a.default
FF ProfilePath: C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default [2017-09-29]
FF user.js: detected! => C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default\user.js [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-09-27] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-08-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-07] ()
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-06-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-07-11] (Nullsoft, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\26094505.js [2017-01-21] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\26094505.cfg [2017-01-21] <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-28] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-09-14] (AVG Technologies CZ, s.r.o.)
R2 BBDemon; D:\Programy\CATIAA\intel_a\code\bin\CATSysDemon.exe [49152 2006-04-29] (Dassault Systemes) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2015-10-11] (Flexera Software LLC)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34704 2017-09-27] (Google Inc)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [261128 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-09-28] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-09-28] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [117368 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91976 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [766216 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [492552 2017-09-28] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [140648 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [290264 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-07] (DT Soft Ltd)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [55296 2016-07-07] (Leaf Networks)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
S2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2017-01-21] ()
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [109216 2009-07-29] () [File not signed]
S3 SANDRA; D:\Programy\ALT\sandra\SiSoft_Sandra_2010_11611_portable\SiSoftware Sandra Portable\WNt500x86\Sandra.sys [23112 2009-08-08] (SiSoftware)
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [40104 2016-10-20] (RapidSolution Software AG)
R1 wfcre; C:\Windows\System32\drivers\wfcre.sys [112000 2017-07-04] ()
S3 esgiguard; \??\C:\Program Files\SpyHunter-v4.22.8.4668-Portable-+-integrovaný-crack\SpyHunter v4.22.8.4668 Portable\SpyHunter\esgiguard.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\Users\Doma\AppData\Local\Temp\tmp25F7.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 13:16 - 2017-09-29 13:17 - 000019482 _____ C:\Users\Doma\Desktop\FRST.txt
2017-09-29 13:16 - 2017-09-29 13:16 - 000112640 _____ (forum.viry.cz) C:\Users\Doma\Desktop\FRSTLauncher.exe
2017-09-29 13:06 - 2017-09-29 13:16 - 000000000 ____D C:\FRST
2017-09-29 13:04 - 2017-09-29 13:04 - 001795584 _____ (Farbar) C:\Users\Doma\Desktop\FRST.exe
2017-09-29 12:55 - 2017-09-29 12:55 - 000000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-09-29 12:55 - 2017-09-29 12:55 - 000000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-09-29 12:55 - 2017-09-29 12:55 - 000000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-09-29 12:54 - 2017-09-29 12:54 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-29 12:54 - 2017-09-29 12:54 - 000002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-09-29 12:54 - 2017-09-29 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-29 12:54 - 2017-05-23 09:22 - 000030128 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean.exe
2017-09-29 11:17 - 2017-09-29 11:17 - 000000079 _____ C:\Windows\wininit.ini
2017-09-29 10:34 - 2017-09-29 12:25 - 000265482 _____ C:\Windows\ntbtlog.txt
2017-09-29 10:31 - 2017-09-29 10:31 - 000001283 _____ C:\Users\Doma\Desktop\procexp – zástupce.lnk
2017-09-29 09:55 - 2017-09-29 09:56 - 000000000 ____D C:\Windows\system32\config\RCCBakup
2017-09-29 09:45 - 2017-09-29 09:45 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-29 09:45 - 2017-09-29 09:45 - 000001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-29 09:45 - 2017-09-29 09:45 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-28 23:26 - 2017-09-28 20:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170928-232626.backup
2017-09-28 22:29 - 2017-09-29 12:14 - 000000000 ____D C:\Program Files\Solvusoft
2017-09-28 22:29 - 2017-09-28 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
2017-09-28 22:25 - 2017-09-29 12:12 - 000000000 ____D C:\Users\Doma\AppData\Local\IIIQF
2017-09-28 21:10 - 2017-09-29 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-09-28 21:09 - 2017-09-28 21:09 - 000000000 ____D C:\Program Files\Lavasoft
2017-09-28 20:59 - 2017-09-28 20:59 - 000000000 ____D C:\ProgramData\adaware
2017-09-28 20:52 - 2017-09-29 12:55 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-09-28 20:52 - 2017-09-29 12:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-28 20:26 - 2017-09-28 20:26 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-09-28 20:26 - 2017-09-28 20:26 - 000140648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-09-28 20:26 - 2017-09-28 20:26 - 000000336 ____H C:\Windows\Tasks\Antivirus Emergency Update.job
2017-09-28 20:26 - 2017-09-28 20:25 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-09-28 20:25 - 2017-09-28 20:25 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-09-28 20:25 - 2017-09-28 20:25 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-09-28 20:25 - 2017-09-28 20:25 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-09-28 20:21 - 2017-09-28 20:21 - 000000978 _____ C:\Users\Public\Desktop\AVG.lnk
2017-09-28 20:21 - 2017-09-28 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-09-28 20:20 - 2017-09-28 20:22 - 000000000 ____D C:\Program Files\AVG
2017-09-28 20:20 - 2017-09-28 20:20 - 000000368 ____H C:\Windows\Tasks\AVG EUpdate Task.job
2017-09-28 20:18 - 2017-09-28 20:35 - 000000000 ____D C:\Users\Doma\AppData\Local\AvgSetupLog
2017-09-28 20:18 - 2017-09-28 20:30 - 000000000 ____D C:\Users\Doma\AppData\Local\Avg
2017-09-28 19:24 - 2017-09-28 23:26 - 000454378 ____R C:\Windows\system32\Drivers\etc\hosts.20170929-100112.backup
2017-09-28 19:24 - 2017-09-28 20:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hostsss
2017-09-28 19:23 - 2017-09-28 19:23 - 000000000 _____ C:\Windows\system32\last.dump
2017-09-28 18:28 - 2017-09-28 18:28 - 000000000 ____D C:\Program Files\AVAST Software
2017-09-27 23:43 - 2017-09-27 23:43 - 000150287 _____ C:\Users\Doma\Desktop\bookmarks-2017-09-27.json
2017-09-27 22:42 - 2017-09-28 23:08 - 000000000 ____D C:\Windows\system32\vxgjcrtk
2017-09-27 20:44 - 2017-09-27 20:44 - 000000004 _____ C:\ProgramData\uyt.3gif
2017-09-27 20:41 - 2017-09-28 20:29 - 000000000 ____D C:\Disk
2017-09-27 20:41 - 2017-09-27 20:41 - 000000000 ____D C:\Windat
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\zw4uj0ibkjq
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\vjyug5qwa3d
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\pl4n114g2m5
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\Y8FLL2OGDH
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\EVDE13XHYO
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\A9E3MW8RRI
2017-09-27 20:39 - 2017-09-28 00:02 - 000000000 ____D C:\Users\Doma\AppData\Roaming\ErrorReporting
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\zisddyw2mwc
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\yojcx1psvv1
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\eolmka4p5hn
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\51YWLHTMHP
2017-09-27 20:39 - 2017-09-27 20:47 - 000001835 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-09-27 20:39 - 2017-09-27 20:39 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-27 20:38 - 2017-09-27 20:47 - 000001876 _____ C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001876 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001823 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-09-27 19:58 - 2017-09-27 20:12 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster
2017-09-27 19:58 - 2017-09-27 20:12 - 000000000 ____D C:\Program Files\Coolmuster
2017-09-27 19:58 - 2017-09-27 19:58 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Coolmuster
2017-09-27 19:53 - 2017-09-27 20:23 - 000000000 ____D C:\Users\Doma\AppData\Roaming\GetRightToGo
2017-09-27 19:36 - 2017-09-27 19:36 - 000000000 ____D C:\ProgramData\wsr
2017-09-27 19:18 - 2017-09-27 19:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wsadb_01009.Wdf
2017-09-27 19:14 - 2017-09-27 19:14 - 000034704 _____ (Google Inc) C:\Windows\system32\Drivers\wsadb.sys
2017-09-27 19:11 - 2017-09-27 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-09-27 19:11 - 2017-09-27 19:12 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Wondershare
2017-09-27 19:11 - 2015-02-27 10:35 - 000000232 _____ C:\Windows\system32\dllhost.exe.config
2017-09-27 19:10 - 2017-09-27 19:39 - 000000000 ____D C:\ProgramData\Wondershare
2017-09-27 19:10 - 2017-09-27 19:39 - 000000000 ____D C:\Program Files\Wondershare
2017-09-26 21:19 - 2017-09-26 21:19 - 000000000 ____D C:\ProgramData\Macrovision
2017-09-18 22:43 - 2017-09-18 22:44 - 000000000 ____D C:\Users\Doma\Desktop\Mosnov 2017 vyber
2017-08-31 22:05 - 2017-09-26 19:09 - 000000316 _____ C:\Windows\Tasks\HPCeeScheduleForDoma.job
2017-08-31 22:05 - 2017-08-31 22:05 - 000000000 ____D C:\Users\Doma\AppData\Local\HP_Inc
2017-08-31 16:49 - 2017-08-31 16:49 - 000000000 ____D C:\Users\Doma\AppData\Local\Sebastien.warin.fr
2017-08-31 16:30 - 2017-08-31 17:10 - 000000000 ____D C:\Program Files\Stream What You Hear
2017-08-31 14:32 - 2017-08-31 14:32 - 000002177 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Hewlett-Packard
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\Users\Doma\AppData\Local\Hewlett-Packard
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-08-31 14:30 - 2017-08-31 17:18 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-08-31 14:30 - 2017-08-31 14:30 - 000000000 ____D C:\System.sav
2017-08-31 14:30 - 2017-08-31 14:30 - 000000000 ____D C:\ProgramData\HP Inc
2017-08-31 14:29 - 2017-08-31 14:29 - 000000000 ____D C:\Program Files\HP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 13:09 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-29 13:08 - 2017-02-11 15:22 - 000000286 _____ C:\native log.txt
2017-09-29 12:15 - 2009-07-14 06:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-29 12:15 - 2009-07-14 06:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-29 11:41 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-09-29 11:38 - 2017-02-11 16:47 - 000000000 ___HD C:\nssJI5bczG1fUuJo
2017-09-29 11:34 - 2017-02-12 11:15 - 000000000 ____D C:\Program Files\SpyHunter
2017-09-29 09:58 - 2017-02-05 15:00 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-29 09:46 - 2016-11-18 14:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-29 09:33 - 2015-07-02 21:33 - 000000390 _____ C:\Windows\Tasks\FrequencyCheck.job
2017-09-29 09:04 - 2017-02-12 10:41 - 000000000 ___SD C:\Users\Doma\AppData\LocalLow\Temp
2017-09-28 21:48 - 2016-03-20 12:48 - 000000000 ____D C:\ProgramData\Avg
2017-09-28 21:20 - 1980-01-04 00:02 - 000000000 ____D C:\Users\Administrator
2017-09-28 20:30 - 2016-03-20 12:59 - 000000000 ____D C:\Users\Doma\AppData\Roaming\AVG
2017-09-28 20:13 - 2017-02-11 15:20 - 000630225 _____ C:\spyhunter.fix
2017-09-28 18:34 - 2013-01-14 17:11 - 000007598 _____ C:\Users\Doma\AppData\Local\Resmon.ResmonCfg
2017-09-28 18:30 - 2013-01-06 23:12 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-28 00:33 - 2009-07-14 06:33 - 000525984 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-28 00:30 - 2013-01-06 23:26 - 000163368 _____ C:\Users\Doma\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-27 23:45 - 2013-03-10 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-09-27 23:06 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\oobe
2017-09-27 22:31 - 2013-01-06 21:24 - 000000000 ____D C:\Users\Doma
2017-09-27 21:49 - 2013-12-08 14:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\XnView
2017-09-27 21:49 - 2013-01-07 17:59 - 000000000 ____D C:\Users\Doma\AppData\Roaming\DAEMON Tools Lite
2017-09-27 20:47 - 2013-01-06 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2017-09-27 20:43 - 2016-11-20 17:47 - 000000000 ____D C:\Users\Doma\AppData\LocalLow\Mozilla
2017-09-19 18:10 - 2013-01-06 21:26 - 001584756 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-19 18:10 - 2009-07-14 10:44 - 000669164 _____ C:\Windows\system32\perfh005.dat
2017-09-19 18:10 - 2009-07-14 10:44 - 000141790 _____ C:\Windows\system32\perfc005.dat
2017-08-31 16:24 - 2013-02-06 13:57 - 000000000 ____D C:\Users\Doma\AppData\Roaming\vlc
2017-08-31 14:32 - 2013-01-06 22:44 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-08-31 14:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\Help
2017-08-31 14:30 - 2013-01-06 22:46 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-08-31 14:30 - 2013-01-06 22:45 - 000000000 ____D C:\Users\Doma\AppData\Roaming\hpqLog
2017-08-31 14:28 - 2010-04-20 18:20 - 000000000 ____D C:\SwSetup

==================== Files in the root of some directories =======

2014-01-30 19:23 - 2014-05-30 21:52 - 000003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\AtStart.txt
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\DSwitch.txt
2013-01-06 23:29 - 2016-04-24 11:26 - 000000000 _____ () C:\Users\Doma\AppData\Local\FnF4.txt
2017-04-11 21:52 - 2017-04-11 21:52 - 049740672 _____ (Sony) C:\Users\Doma\AppData\Local\pcc.exe
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\QSwitch.txt
2013-01-14 17:11 - 2017-09-28 18:34 - 000007598 _____ () C:\Users\Doma\AppData\Local\Resmon.ResmonCfg
2017-01-20 22:17 - 2017-05-03 21:01 - 000000552 _____ () C:\Users\Doma\AppData\Local\TroubleshooterConfig.json
2015-10-11 09:48 - 2015-10-11 09:48 - 000000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-09-27 20:44 - 2017-09-27 20:44 - 000000004 _____ () C:\ProgramData\uyt.3gif
2013-02-04 12:31 - 2013-02-04 12:31 - 000000000 _____ () C:\ProgramData\xml495E.tmp
2013-02-04 12:31 - 2013-02-04 12:31 - 000000000 _____ () C:\ProgramData\xml49DC.tmp
2013-01-07 19:45 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml769B.tmp
2013-01-07 19:45 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml7870.tmp
2013-01-07 19:45 - 2013-01-07 19:45 - 000000000 _____ () C:\ProgramData\xml790D.tmp
2013-01-07 19:45 - 2013-01-07 19:45 - 000000000 _____ () C:\ProgramData\xml799B.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8D08.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8D77.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8DB6.tmp
2013-01-13 17:59 - 2013-01-13 17:59 - 000000000 _____ () C:\ProgramData\xml8DDE.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8E05.tmp
2013-01-13 17:59 - 2013-01-13 17:59 - 000000000 _____ () C:\ProgramData\xml8F46.tmp
2013-01-13 18:17 - 2013-01-13 18:17 - 000000000 _____ () C:\ProgramData\xml9EEF.tmp
2013-01-13 18:17 - 2013-01-13 18:17 - 000000000 _____ () C:\ProgramData\xml9F6D.tmp
2013-01-10 23:23 - 2013-01-10 23:23 - 000000000 _____ () C:\ProgramData\xmlD737.tmp
2013-01-10 23:23 - 2013-01-10 23:23 - 000000000 _____ () C:\ProgramData\xmlD870.tmp
2013-01-07 22:58 - 2013-01-07 22:58 - 000000000 _____ () C:\ProgramData\xmlF0DD.tmp
2013-01-07 22:58 - 2013-01-07 22:58 - 000000000 _____ () C:\ProgramData\xmlF17A.tmp

Some files in TEMP:
====================
2017-09-28 21:07 - 2017-09-28 21:07 - 002613240 _____ () C:\Users\Doma\AppData\Local\Temp\95e10d23-74b8-4138-b9ed-a5e4ec776d4b.exe
2017-09-28 20:59 - 2017-09-28 20:59 - 002613240 _____ () C:\Users\Doma\AppData\Local\Temp\b32dd8bf-5bda-46e7-b9e2-01e1d9016cea.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\SafeBoot.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\Windows\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup\avgsetupx.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\FrequencyCheck.job => c:\programdata\{c6e0f057-e1f6-618f-c6e0-0f057e1fc15f}\sp1 for ds catia v5 6r2014 win32_64.rar.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForDoma.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\SpyHunter\SpyHunter4.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Doma\AppData\Roaming\ProXoft:RVBA [22]

==================== Security Center ==================

AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Doma\Desktop" je 374 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files\Winamp\winampa.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Securedisk.exe is loading the CPU to 100 % Please check the log

Posted: 29 Sep 2017 12:47
by Rudy
lance wrote: Hello, I have used HijackThis successfully in the past here on viry.cz
Well, times have moved on. :D

Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: Securedisk.exe is loading the CPU to 100 % Please check the log

Posted: 29 Sep 2017 13:26
by lance
Oh, and by the way, the notebook also wanted a restart after the clean, so I did that; luckily the log was still visible after the restart, so I'm sending two logs, one from before and the other from after the restart:

I have an observation :-) the laptop stopped wheezing at 100 % when I ran the clean in this program, adwcleaner_7.0.3.0. But now, after the restart, it is wheezing again :-/

here is the one from before the restart, and the one from after the restart below it:


# AdwCleaner 7.0.3.0 - Logfile created on Fri Sep 29 12:07:08 2017
# Updated on 2017/28/09 by Malwarebytes
# Database: 09-27-2017.1
# Running on Windows 7 Professional (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\Doma\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\Doma\AppData\Roaming\NCdownloader
PUP.Optional.Legacy, C:\Program Files\Red Sky
PUP.Optional.Legacy, C:\ProgramData\Winamp Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\Winamp Toolbar
PUP.Optional.Legacy, C:\Program Files\Winamp Toolbar
PUP.Optional.Legacy, C:\Users\All Users\Winamp Toolbar
PUP.Optional.Legacy, C:\Users\Doma\AppData\Local\Winamp Toolbar
PUP.Optional.Legacy, C:\Users\All Users\Documents\XMUpdate
PUP.Optional.Legacy, C:\Users\Public\Documents\XMUpdate
PUP.Optional.SpyHunter, C:\Program Files\spyhunter
PUP.Optional.SpyHunter, C:\Program Files\SpyHunter
PUP.Optional.Solvusoft, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
PUP.Optional.Solvusoft, C:\Program Files\Solvusoft
PUP.Optional.WebCompanion, C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService
Adware.OxyPumper, C:\Users\Doma\AppData\Roaming\ErrorReporting
PUP.Optional.ErrorReporting, C:\Users\Doma\AppData\Roaming\ErrorReporting
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_0814tb


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\System32\lavasofttcpservice.dll
PUP.Optional.Legacy, C:\Windows\System32\LavasoftTcpServiceOff.ini
PUP.Optional.ChinAd, C:\Windows\System32\drivers\wfcre.sys
PUP.Optional.SpyHunter, C:\spyhunter.fix
PUP.Optional.SpyHunter, C:\Windows\System32\sh4native.exe


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

PUP.Optional.Legacy, C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201
PUP.Optional.Legacy, C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201
PUP.Optional.Legacy, C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201
PUP.Optional.Legacy, C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201
PUP.Optional.SafeFinder, C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - %SNP%
PUP.Optional.SafeFinder, C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - %SNP%


***** [ Tasks ] *****

PUP.Optional.Legacy, Microsoft\Windows\Windows Error Reporting\ErrorReporting
PUP.Optional.SpyHunter, SpyHunter4


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Winamp Toolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Winamp Toolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\Winamp Toolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\adawarebp
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Headlight
PUP.Optional.Legacy, [Key] - HKCU\Software\Headlight
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Voyasollam.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VoyasollamU
PUP.Optional.Yelloader, [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\ssn
PUP.Optional.Yelloader, [Key] - HKCU\Software\ssn
PUP.Optional.SpyHunter, [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
PUP.Optional.WebCompanion, [Key] - HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
PUP.Optional.WebCompanion, [Key] - HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\APreSam
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT
PUP.Optional.WeatherAlerts, [Key] - HKLM\SOFTWARE\Microsoft\PWeatherIns


***** [ Firefox (and derivatives) ] *****

PUP.Optional.SafeFinder, Startpage found: C:\ProgramData\Voyasollams\ff.HP


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########







# AdwCleaner 7.0.3.0 - Logfile created on Fri Sep 29 12:08:05 2017
# Updated on 2017/28/09 by Malwarebytes
# Running on Windows 7 Professional (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Doma\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\ProgramData\AVG Security Toolbar
Deleted: C:\ProgramData\Application Data\AVG Security Toolbar
Deleted: C:\Users\All Users\AVG Security Toolbar
Deleted: C:\Users\Doma\AppData\Roaming\NCdownloader
Deleted: C:\Program Files\Red Sky
Deleted: C:\ProgramData\Winamp Toolbar
Deleted: C:\ProgramData\Application Data\Winamp Toolbar
Deleted: C:\Program Files\Winamp Toolbar
Deleted: C:\Users\All Users\Winamp Toolbar
Deleted: C:\Users\Doma\AppData\Local\Winamp Toolbar
Deleted: C:\Users\All Users\Documents\XMUpdate
Deleted: C:\Users\Public\Documents\XMUpdate
Deleted: C:\Program Files\spyhunter
Deleted: C:\Program Files\SpyHunter
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
Deleted: C:\Program Files\Solvusoft
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\Users\Doma\AppData\Roaming\ErrorReporting
Deleted: C:\Users\Doma\AppData\Roaming\\ErrorReporting
Deleted: C:\ProgramData\Avg_Update_0814tb


***** [ Files ] *****

Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\System32\drivers\wfcre.sys
Deleted: C:\spyhunter.fix
Deleted: C:\Windows\System32\sh4native.exe


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk[http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201]
Cleaned: C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk[http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201]
Cleaned: C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk[http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201]
Cleaned: C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk[http:\\search.certified-toolbar.com?si=41460&st=shortcut&tid=3201]
Cleaned: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[%SNP%]
Cleaned: C:\Users\Doma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[%SNP%]


***** [ Tasks ] *****

Deleted: Microsoft\Windows\Windows Error Reporting\ErrorReporting
Deleted: SpyHunter4


***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Winamp Toolbar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Deleted: [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Winamp Toolbar
Deleted: [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Deleted: [Key] - HKCU\Software\Winamp Toolbar
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Deleted: [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKCU\Software\AppDataLow\Software\adawarebp
Deleted: [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Headlight
Deleted: [Key] - HKCU\Software\Headlight
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Voyasollam.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VoyasollamU
Deleted: [Key] - HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\ssn
Deleted: [Key] - HKCU\Software\ssn
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\APreSam
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PWeatherIns


***** [ Firefox (and derivatives) ] *****

Startpage deleted: C:\ProgramData\Voyasollams\ff.HP


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [6839 B] - [2017/9/29 12:7:8]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: Securedisk.exe is using 100% CPU. Please check the log

Posted: 29 Sep 2017 13:32
by Rudy
OK. Now post a new FRST log.

Re: Securedisk.exe is using 100% CPU. Please check the log

Posted: 29 Sep 2017 13:39
by lance
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2017 01
Ran by Doma (administrator) on RAY (29-09-2017 14:35:36)
Running from C:\Users\Doma\Desktop
Loaded Profiles: Doma (Available Profiles: Doma & Administrator)
Platform: Microsoft Windows 7 Professional (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Dassault Systemes) D:\Programy\CATIAA\intel_a\code\bin\CATSysDemon.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(PC Tools) C:\Disk\securedisk.exe
(forum.viry.cz) C:\Users\Doma\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2012-12-29] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-09-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-28] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {6fe578d4-58c4-11e2-add6-001e37bf6b2c} - F:\Launch.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {879ca9a0-e29e-11e3-86db-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {af5eeb80-330e-11e5-a90b-001e37bf6b2c} - G:\autorun.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {c6e9eeed-f0fd-11e2-932c-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {db941cc2-ef6b-11e2-9385-001e37bf6b2c} - G:\LGAutoRun.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-04-13]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sh4native Sh4Removalsdnclean.exe
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3222038749-3408278726-1471104988-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{554AA74B-A3DC-4588-A4FD-1E2443390A88}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{85870302-68BA-4C77-83AA-CF9DE3203E48}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{85870302-68BA-4C77-83AA-CF9DE3203E48}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: njgj5f3a.default
FF ProfilePath: C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default [2017-09-29]
FF user.js: detected! => C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default\user.js [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-09-27] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-08-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-07] ()
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-06-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-07-11] (Nullsoft, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\26094505.js [2017-01-21] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\26094505.cfg [2017-01-21] <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-28] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-09-14] (AVG Technologies CZ, s.r.o.)
R2 BBDemon; D:\Programy\CATIAA\intel_a\code\bin\CATSysDemon.exe [49152 2006-04-29] (Dassault Systemes) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2015-10-11] (Flexera Software LLC)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34704 2017-09-27] (Google Inc)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [261128 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-09-28] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-09-28] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [117368 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91976 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [766216 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [492552 2017-09-28] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [140648 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [290264 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-07] (DT Soft Ltd)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [55296 2016-07-07] (Leaf Networks)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
S2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2017-01-21] ()
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [109216 2009-07-29] () [File not signed]
S3 SANDRA; D:\Programy\ALT\sandra\SiSoft_Sandra_2010_11611_portable\SiSoftware Sandra Portable\WNt500x86\Sandra.sys [23112 2009-08-08] (SiSoftware)
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [40104 2016-10-20] (RapidSolution Software AG)
S3 esgiguard; \??\C:\Program Files\SpyHunter-v4.22.8.4668-Portable-+-integrovaný-crack\SpyHunter v4.22.8.4668 Portable\SpyHunter\esgiguard.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S1 wfcre; system32\drivers\wfcre.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Doma\AppData\Local\Temp\tmp25F7.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 14:03 - 2017-09-29 14:08 - 000000000 ____D C:\AdwCleaner
2017-09-29 14:02 - 2017-09-29 14:02 - 008249808 _____ (Malwarebytes) C:\Users\Doma\Desktop\adwcleaner_7.0.3.0.exe
2017-09-29 13:31 - 2017-09-28 19:24 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170929-133129.backup
2017-09-29 13:16 - 2017-09-29 14:36 - 000019516 _____ C:\Users\Doma\Desktop\FRST.txt
2017-09-29 13:16 - 2017-09-29 13:16 - 000112640 _____ (forum.viry.cz) C:\Users\Doma\Desktop\FRSTLauncher.exe
2017-09-29 13:06 - 2017-09-29 13:16 - 000000000 ____D C:\FRST
2017-09-29 13:04 - 2017-09-29 13:04 - 001795584 _____ (Farbar) C:\Users\Doma\Desktop\FRST.exe
2017-09-29 12:55 - 2017-09-29 12:55 - 000000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-09-29 12:55 - 2017-09-29 12:55 - 000000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-09-29 12:55 - 2017-09-29 12:55 - 000000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-09-29 12:54 - 2017-09-29 12:54 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-29 12:54 - 2017-09-29 12:54 - 000002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-09-29 12:54 - 2017-09-29 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-29 12:54 - 2017-05-23 09:22 - 000030128 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean.exe
2017-09-29 11:17 - 2017-09-29 11:17 - 000000079 _____ C:\Windows\wininit.ini
2017-09-29 10:34 - 2017-09-29 12:25 - 000265482 _____ C:\Windows\ntbtlog.txt
2017-09-29 10:31 - 2017-09-29 10:31 - 000001283 _____ C:\Users\Doma\Desktop\procexp – zástupce.lnk
2017-09-29 09:55 - 2017-09-29 09:56 - 000000000 ____D C:\Windows\system32\config\RCCBakup
2017-09-29 09:45 - 2017-09-29 09:45 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-29 09:45 - 2017-09-29 09:45 - 000001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-29 09:45 - 2017-09-29 09:45 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-28 23:26 - 2017-09-28 20:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170928-232626.backup
2017-09-28 22:25 - 2017-09-29 12:12 - 000000000 ____D C:\Users\Doma\AppData\Local\IIIQF
2017-09-28 21:10 - 2017-09-29 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-09-28 21:09 - 2017-09-28 21:09 - 000000000 ____D C:\Program Files\Lavasoft
2017-09-28 20:59 - 2017-09-28 20:59 - 000000000 ____D C:\ProgramData\adaware
2017-09-28 20:52 - 2017-09-29 12:55 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-09-28 20:52 - 2017-09-29 12:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-28 20:26 - 2017-09-28 20:26 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-09-28 20:26 - 2017-09-28 20:26 - 000140648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-09-28 20:26 - 2017-09-28 20:26 - 000000336 ____H C:\Windows\Tasks\Antivirus Emergency Update.job
2017-09-28 20:26 - 2017-09-28 20:25 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-09-28 20:25 - 2017-09-28 20:25 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-09-28 20:25 - 2017-09-28 20:25 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-09-28 20:25 - 2017-09-28 20:25 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-09-28 20:21 - 2017-09-28 20:21 - 000000978 _____ C:\Users\Public\Desktop\AVG.lnk
2017-09-28 20:21 - 2017-09-28 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-09-28 20:20 - 2017-09-28 20:22 - 000000000 ____D C:\Program Files\AVG
2017-09-28 20:20 - 2017-09-28 20:20 - 000000368 ____H C:\Windows\Tasks\AVG EUpdate Task.job
2017-09-28 20:18 - 2017-09-28 20:35 - 000000000 ____D C:\Users\Doma\AppData\Local\AvgSetupLog
2017-09-28 20:18 - 2017-09-28 20:30 - 000000000 ____D C:\Users\Doma\AppData\Local\Avg
2017-09-28 19:24 - 2017-09-28 23:26 - 000454378 ____R C:\Windows\system32\Drivers\etc\hosts.20170929-100112.backup
2017-09-28 19:24 - 2017-09-28 20:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hostsss
2017-09-28 19:23 - 2017-09-28 19:23 - 000000000 _____ C:\Windows\system32\last.dump
2017-09-28 18:28 - 2017-09-28 18:28 - 000000000 ____D C:\Program Files\AVAST Software
2017-09-27 23:43 - 2017-09-27 23:43 - 000150287 _____ C:\Users\Doma\Desktop\bookmarks-2017-09-27.json
2017-09-27 22:42 - 2017-09-28 23:08 - 000000000 ____D C:\Windows\system32\vxgjcrtk
2017-09-27 20:44 - 2017-09-27 20:44 - 000000004 _____ C:\ProgramData\uyt.3gif
2017-09-27 20:41 - 2017-09-28 20:29 - 000000000 ____D C:\Disk
2017-09-27 20:41 - 2017-09-27 20:41 - 000000000 ____D C:\Windat
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\zw4uj0ibkjq
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\vjyug5qwa3d
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\pl4n114g2m5
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\Y8FLL2OGDH
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\EVDE13XHYO
2017-09-27 20:40 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\A9E3MW8RRI
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\zisddyw2mwc
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\yojcx1psvv1
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\eolmka4p5hn
2017-09-27 20:39 - 2017-09-27 21:42 - 000000000 ____D C:\Program Files\51YWLHTMHP
2017-09-27 20:39 - 2017-09-27 20:47 - 000001835 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001876 _____ C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001876 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001823 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-09-27 19:58 - 2017-09-27 20:12 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster
2017-09-27 19:58 - 2017-09-27 20:12 - 000000000 ____D C:\Program Files\Coolmuster
2017-09-27 19:58 - 2017-09-27 19:58 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Coolmuster
2017-09-27 19:53 - 2017-09-27 20:23 - 000000000 ____D C:\Users\Doma\AppData\Roaming\GetRightToGo
2017-09-27 19:36 - 2017-09-27 19:36 - 000000000 ____D C:\ProgramData\wsr
2017-09-27 19:18 - 2017-09-27 19:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wsadb_01009.Wdf
2017-09-27 19:14 - 2017-09-27 19:14 - 000034704 _____ (Google Inc) C:\Windows\system32\Drivers\wsadb.sys
2017-09-27 19:11 - 2017-09-27 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-09-27 19:11 - 2017-09-27 19:12 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Wondershare
2017-09-27 19:11 - 2015-02-27 10:35 - 000000232 _____ C:\Windows\system32\dllhost.exe.config
2017-09-27 19:10 - 2017-09-27 19:39 - 000000000 ____D C:\ProgramData\Wondershare
2017-09-27 19:10 - 2017-09-27 19:39 - 000000000 ____D C:\Program Files\Wondershare
2017-09-26 21:19 - 2017-09-26 21:19 - 000000000 ____D C:\ProgramData\Macrovision
2017-09-18 22:43 - 2017-09-18 22:44 - 000000000 ____D C:\Users\Doma\Desktop\Mosnov 2017 vyber
2017-08-31 22:05 - 2017-09-26 19:09 - 000000316 _____ C:\Windows\Tasks\HPCeeScheduleForDoma.job
2017-08-31 22:05 - 2017-08-31 22:05 - 000000000 ____D C:\Users\Doma\AppData\Local\HP_Inc
2017-08-31 16:49 - 2017-08-31 16:49 - 000000000 ____D C:\Users\Doma\AppData\Local\Sebastien.warin.fr
2017-08-31 16:30 - 2017-08-31 17:10 - 000000000 ____D C:\Program Files\Stream What You Hear
2017-08-31 14:32 - 2017-08-31 14:32 - 000002177 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Hewlett-Packard
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\Users\Doma\AppData\Local\Hewlett-Packard
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-08-31 14:30 - 2017-08-31 17:18 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-08-31 14:30 - 2017-08-31 14:30 - 000000000 ____D C:\System.sav
2017-08-31 14:30 - 2017-08-31 14:30 - 000000000 ____D C:\ProgramData\HP Inc
2017-08-31 14:29 - 2017-08-31 14:29 - 000000000 ____D C:\Program Files\HP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 14:19 - 2009-07-14 06:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-29 14:19 - 2009-07-14 06:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-29 14:09 - 2009-07-14 06:53 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-29 14:09 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-29 13:53 - 2013-02-06 13:57 - 000000000 ____D C:\Users\Doma\AppData\Roaming\vlc
2017-09-29 13:51 - 2016-07-16 20:13 - 000000000 ____D C:\Users\Doma\AppData\Roaming\avidemux
2017-09-29 13:08 - 2017-02-11 15:22 - 000000286 _____ C:\native log.txt
2017-09-29 11:41 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-09-29 11:38 - 2017-02-11 16:47 - 000000000 ___HD C:\nssJI5bczG1fUuJo
2017-09-29 09:58 - 2017-02-05 15:00 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-29 09:46 - 2016-11-18 14:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-29 09:33 - 2015-07-02 21:33 - 000000390 _____ C:\Windows\Tasks\FrequencyCheck.job
2017-09-29 09:04 - 2017-02-12 10:41 - 000000000 ___SD C:\Users\Doma\AppData\LocalLow\Temp
2017-09-28 21:48 - 2016-03-20 12:48 - 000000000 ____D C:\ProgramData\Avg
2017-09-28 21:20 - 1980-01-04 00:02 - 000000000 ____D C:\Users\Administrator
2017-09-28 20:30 - 2016-03-20 12:59 - 000000000 ____D C:\Users\Doma\AppData\Roaming\AVG
2017-09-28 18:34 - 2013-01-14 17:11 - 000007598 _____ C:\Users\Doma\AppData\Local\Resmon.ResmonCfg
2017-09-28 18:30 - 2013-01-06 23:12 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-28 00:33 - 2009-07-14 06:33 - 000525984 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-28 00:30 - 2013-01-06 23:26 - 000163368 _____ C:\Users\Doma\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-27 23:45 - 2013-03-10 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-09-27 23:06 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\oobe
2017-09-27 22:31 - 2013-01-06 21:24 - 000000000 ____D C:\Users\Doma
2017-09-27 21:49 - 2013-12-08 14:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\XnView
2017-09-27 21:49 - 2013-01-07 17:59 - 000000000 ____D C:\Users\Doma\AppData\Roaming\DAEMON Tools Lite
2017-09-27 20:47 - 2013-01-06 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2017-09-27 20:43 - 2016-11-20 17:47 - 000000000 ____D C:\Users\Doma\AppData\LocalLow\Mozilla
2017-09-19 18:10 - 2013-01-06 21:26 - 001584756 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-19 18:10 - 2009-07-14 10:44 - 000669164 _____ C:\Windows\system32\perfh005.dat
2017-09-19 18:10 - 2009-07-14 10:44 - 000141790 _____ C:\Windows\system32\perfc005.dat
2017-08-31 14:32 - 2013-01-06 22:44 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-08-31 14:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\Help
2017-08-31 14:30 - 2013-01-06 22:46 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-08-31 14:30 - 2013-01-06 22:45 - 000000000 ____D C:\Users\Doma\AppData\Roaming\hpqLog
2017-08-31 14:28 - 2010-04-20 18:20 - 000000000 ____D C:\SwSetup

==================== Files in the root of some directories =======

2014-01-30 19:23 - 2014-05-30 21:52 - 000003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\AtStart.txt
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\DSwitch.txt
2013-01-06 23:29 - 2016-04-24 11:26 - 000000000 _____ () C:\Users\Doma\AppData\Local\FnF4.txt
2017-04-11 21:52 - 2017-04-11 21:52 - 049740672 _____ (Sony) C:\Users\Doma\AppData\Local\pcc.exe
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\QSwitch.txt
2013-01-14 17:11 - 2017-09-28 18:34 - 000007598 _____ () C:\Users\Doma\AppData\Local\Resmon.ResmonCfg
2017-01-20 22:17 - 2017-05-03 21:01 - 000000552 _____ () C:\Users\Doma\AppData\Local\TroubleshooterConfig.json
2015-10-11 09:48 - 2015-10-11 09:48 - 000000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-09-27 20:44 - 2017-09-27 20:44 - 000000004 _____ () C:\ProgramData\uyt.3gif
2013-02-04 12:31 - 2013-02-04 12:31 - 000000000 _____ () C:\ProgramData\xml495E.tmp
2013-02-04 12:31 - 2013-02-04 12:31 - 000000000 _____ () C:\ProgramData\xml49DC.tmp
2013-01-07 19:45 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml769B.tmp
2013-01-07 19:45 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml7870.tmp
2013-01-07 19:45 - 2013-01-07 19:45 - 000000000 _____ () C:\ProgramData\xml790D.tmp
2013-01-07 19:45 - 2013-01-07 19:45 - 000000000 _____ () C:\ProgramData\xml799B.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8D08.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8D77.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8DB6.tmp
2013-01-13 17:59 - 2013-01-13 17:59 - 000000000 _____ () C:\ProgramData\xml8DDE.tmp
2017-01-21 20:23 - 2017-01-21 20:23 - 000000000 _____ () C:\ProgramData\xml8E05.tmp
2013-01-13 17:59 - 2013-01-13 17:59 - 000000000 _____ () C:\ProgramData\xml8F46.tmp
2013-01-13 18:17 - 2013-01-13 18:17 - 000000000 _____ () C:\ProgramData\xml9EEF.tmp
2013-01-13 18:17 - 2013-01-13 18:17 - 000000000 _____ () C:\ProgramData\xml9F6D.tmp
2013-01-10 23:23 - 2013-01-10 23:23 - 000000000 _____ () C:\ProgramData\xmlD737.tmp
2013-01-10 23:23 - 2013-01-10 23:23 - 000000000 _____ () C:\ProgramData\xmlD870.tmp
2013-01-07 22:58 - 2013-01-07 22:58 - 000000000 _____ () C:\ProgramData\xmlF0DD.tmp
2013-01-07 22:58 - 2013-01-07 22:58 - 000000000 _____ () C:\ProgramData\xmlF17A.tmp

Some files in TEMP:
====================
2017-09-28 21:07 - 2017-09-28 21:07 - 002613240 _____ () C:\Users\Doma\AppData\Local\Temp\95e10d23-74b8-4138-b9ed-a5e4ec776d4b.exe
2017-09-28 20:59 - 2017-09-28 20:59 - 002613240 _____ () C:\Users\Doma\AppData\Local\Temp\b32dd8bf-5bda-46e7-b9e2-01e1d9016cea.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\SafeBoot.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\Windows\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup\avgsetupx.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\FrequencyCheck.job => c:\programdata\{c6e0f057-e1f6-618f-c6e0-0f057e1fc15f}\sp1 for ds catia v5 6r2014 win32_64.rar.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForDoma.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Doma\AppData\Roaming\ProXoft:RVBA [22]

==================== Security Center ==================

AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Doma\Desktop" je 382 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files\Winamp\winampa.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Securedisk.exe is loading the CPU at 100 % - Please check the log

Posted: 29 Sep 2017 16:42
by Rudy
Open Notepad and copy the following into it:
Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {6fe578d4-58c4-11e2-add6-001e37bf6b2c} - F:\Launch.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {879ca9a0-e29e-11e3-86db-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {af5eeb80-330e-11e5-a90b-001e37bf6b2c} - G:\autorun.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {c6e9eeed-f0fd-11e2-932c-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {db941cc2-ef6b-11e2-9385-001e37bf6b2c} - G:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3222038749-3408278726-1471104988-1001\User: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\26094505.js [2017-01-21] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\26094505.cfg [2017-01-21] <==== ATTENTION
C:\Users\Doma\AppData\Roaming\zw4uj0ibkjq
C:\Users\Doma\AppData\Roaming\vjyug5qwa3d
C:\Users\Doma\AppData\Roaming\pl4n114g2m5
C:\Program Files\Y8FLL2OGDH
C:\Program Files\EVDE13XHYO
C:\Program Files\A9E3MW8RRI
C:\Users\Doma\AppData\Roaming\zisddyw2mwc
C:\Users\Doma\AppData\Roaming\yojcx1psvv1
C:\Users\Doma\AppData\Roaming\eolmka4p5hn
C:\Program Files\51YWLHTMHP
C:\ProgramData\xml495E.tmp
C:\ProgramData\xml49DC.tmp
C:\ProgramData\xml769B.tmp
C:\ProgramData\xml7870.tmp
C:\ProgramData\xml790D.tmp
C:\ProgramData\xml799B.tmp
C:\ProgramData\xml8D08.tmp
C:\ProgramData\xml8D77.tmp
C:\ProgramData\xml8DB6.tmp
C:\ProgramData\xml8DDE.tmp
C:\ProgramData\xml8E05.tmp
C:\ProgramData\xml8F46.tmp
C:\ProgramData\xml9EEF.tmp
C:\ProgramData\xml9F6D.tmp
C:\ProgramData\xmlD737.tmp
C:\ProgramData\xmlD870.tmp
C:\ProgramData\xmlF0DD.tmp
C:\ProgramData\xmlF17A.tmp
C:\ProgramData\xml495E.tmp
C:\Users\Doma\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Securedisk.exe is loading the CPU at 100 % - Please check the log

Posted: 29 Sep 2017 17:23
by lance
I did it according to the instructions, but the log did not pop up; my laptop restarted, so I copied the text file that I have on the desktop, it is called fixlog, hopefully that is the one. AVG threw FRST.exe into quarantine, so I pulled it out of quarantine :-)

I ran the scan with FRST again; it is copied below :-)

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-09-2017 01
Ran by Doma (29-09-2017 17:50:54) Run:1
Running from C:\Users\Doma\Desktop
Loaded Profiles: Doma (Available Profiles: Doma & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {6fe578d4-58c4-11e2-add6-001e37bf6b2c} - F:\Launch.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {879ca9a0-e29e-11e3-86db-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {af5eeb80-330e-11e5-a90b-001e37bf6b2c} - G:\autorun.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {c6e9eeed-f0fd-11e2-932c-001e37bf6b2c} - G:\Startme.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {db941cc2-ef6b-11e2-9385-001e37bf6b2c} - G:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3222038749-3408278726-1471104988-1001\User: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\26094505.js [2017-01-21] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\26094505.cfg [2017-01-21] <==== ATTENTION
C:\Users\Doma\AppData\Roaming\zw4uj0ibkjq
C:\Users\Doma\AppData\Roaming\vjyug5qwa3d
C:\Users\Doma\AppData\Roaming\pl4n114g2m5
C:\Program Files\Y8FLL2OGDH
C:\Program Files\EVDE13XHYO
C:\Program Files\A9E3MW8RRI
C:\Users\Doma\AppData\Roaming\zisddyw2mwc
C:\Users\Doma\AppData\Roaming\yojcx1psvv1
C:\Users\Doma\AppData\Roaming\eolmka4p5hn
C:\Program Files\51YWLHTMHP
C:\ProgramData\xml495E.tmp
C:\ProgramData\xml49DC.tmp
C:\ProgramData\xml769B.tmp
C:\ProgramData\xml7870.tmp
C:\ProgramData\xml790D.tmp
C:\ProgramData\xml799B.tmp
C:\ProgramData\xml8D08.tmp
C:\ProgramData\xml8D77.tmp
C:\ProgramData\xml8DB6.tmp
C:\ProgramData\xml8DDE.tmp
C:\ProgramData\xml8E05.tmp
C:\ProgramData\xml8F46.tmp
C:\ProgramData\xml9EEF.tmp
C:\ProgramData\xml9F6D.tmp
C:\ProgramData\xmlD737.tmp
C:\ProgramData\xmlD870.tmp
C:\ProgramData\xmlF0DD.tmp
C:\ProgramData\xmlF17A.tmp
C:\ProgramData\xml495E.tmp
C:\Users\Doma\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully.
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully.
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fe578d4-58c4-11e2-add6-001e37bf6b2c} => key removed successfully.
HKLM\Software\Classes\CLSID\{6fe578d4-58c4-11e2-add6-001e37bf6b2c} => key not found.
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{879ca9a0-e29e-11e3-86db-001e37bf6b2c} => key removed successfully.
HKLM\Software\Classes\CLSID\{879ca9a0-e29e-11e3-86db-001e37bf6b2c} => key not found.
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5eeb80-330e-11e5-a90b-001e37bf6b2c} => key removed successfully.
HKLM\Software\Classes\CLSID\{af5eeb80-330e-11e5-a90b-001e37bf6b2c} => key not found.
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6e9eeed-f0fd-11e2-932c-001e37bf6b2c} => key removed successfully.
HKLM\Software\Classes\CLSID\{c6e9eeed-f0fd-11e2-932c-001e37bf6b2c} => key not found.
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db941cc2-ef6b-11e2-9385-001e37bf6b2c} => key removed successfully.
HKLM\Software\Classes\CLSID\{db941cc2-ef6b-11e2-9385-001e37bf6b2c} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3222038749-3408278726-1471104988-1001\User => moved successfully
C:\Program Files\mozilla firefox\defaults\pref\26094505.js => moved successfully
C:\Program Files\mozilla firefox\26094505.cfg => moved successfully
C:\Users\Doma\AppData\Roaming\zw4uj0ibkjq => moved successfully
C:\Users\Doma\AppData\Roaming\vjyug5qwa3d => moved successfully
C:\Users\Doma\AppData\Roaming\pl4n114g2m5 => moved successfully
C:\Program Files\Y8FLL2OGDH => moved successfully
C:\Program Files\EVDE13XHYO => moved successfully
C:\Program Files\A9E3MW8RRI => moved successfully
C:\Users\Doma\AppData\Roaming\zisddyw2mwc => moved successfully
C:\Users\Doma\AppData\Roaming\yojcx1psvv1 => moved successfully
C:\Users\Doma\AppData\Roaming\eolmka4p5hn => moved successfully
C:\Program Files\51YWLHTMHP => moved successfully
C:\ProgramData\xml495E.tmp => moved successfully
C:\ProgramData\xml49DC.tmp => moved successfully
C:\ProgramData\xml769B.tmp => moved successfully
C:\ProgramData\xml7870.tmp => moved successfully
C:\ProgramData\xml790D.tmp => moved successfully
C:\ProgramData\xml799B.tmp => moved successfully
C:\ProgramData\xml8D08.tmp => moved successfully
C:\ProgramData\xml8D77.tmp => moved successfully
C:\ProgramData\xml8DB6.tmp => moved successfully
C:\ProgramData\xml8DDE.tmp => moved successfully
C:\ProgramData\xml8E05.tmp => moved successfully
C:\ProgramData\xml8F46.tmp => moved successfully
C:\ProgramData\xml9EEF.tmp => moved successfully
C:\ProgramData\xml9F6D.tmp => moved successfully
C:\ProgramData\xmlD737.tmp => moved successfully
C:\ProgramData\xmlD870.tmp => moved successfully
C:\ProgramData\xmlF0DD.tmp => moved successfully
C:\ProgramData\xmlF17A.tmp => moved successfully
"C:\ProgramData\xml495E.tmp" => not found.

"C:\Users\Doma\AppData\Local\Temp" folder move:

Could not move "C:\Users\Doma\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4250388 B
Java, Flash, Steam htmlcache => 673 B
Windows/system/drivers => 324456 B
Edge => 0 B
Chrome => 0 B
Firefox => 103513829 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 83016 B
Public => 0 B
ProgramData => 0 B
systemprofile => 6420181 B
LocalService => 66708 B
NetworkService => 952 B
Doma => 29843120 B
Administrator => 8186625 B

RecycleBin => 12906 B
EmptyTemp: => 153.6 MB temporary data Removed.

================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2017 01
Ran by Doma (administrator) on RAY (29-09-2017 18:19:13)
Running from C:\Users\Doma\Desktop
Loaded Profiles: Doma (Available Profiles: Doma & Administrator)
Platform: Microsoft Windows 7 Professional (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Dassault Systemes) D:\Programy\CATIAA\intel_a\code\bin\CATSysDemon.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(TODO: <Company name>) C:\Disk\WebService.exe
(PC Tools) C:\Disk\securedisk.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Doma\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [354360 2009-08-07] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2012-12-29] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-09-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-28] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\...\MountPoints2: {6fe578d4-58c4-11e2-add6-001e37bf6b2c} - F:\Launch.exe
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll => C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll [89872 2009-07-28] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-06]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-04-13]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sh4native Sh4Removalsdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{33E4DDDF-96E4-4A9C-89EB-3F342BAB2E70}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{554AA74B-A3DC-4588-A4FD-1E2443390A88}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{85870302-68BA-4C77-83AA-CF9DE3203E48}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{85870302-68BA-4C77-83AA-CF9DE3203E48}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-3222038749-3408278726-1471104988-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: njgj5f3a.default
FF ProfilePath: C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default [2017-09-29]
FF user.js: detected! => C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default\user.js [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Doma\AppData\Roaming\Mozilla\Firefox\Profiles\njgj5f3a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-09-29]
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-09-27] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-08-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-07] ()
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-06-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-07-11] (Nullsoft, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192784 2009-07-28] (Bioscrypt Inc.)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [150288 2009-07-28] (Bioscrypt Inc.)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1201400 2009-07-29] (AuthenTec, Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-28] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-09-14] (AVG Technologies CZ, s.r.o.)
R2 BBDemon; D:\Programy\CATIAA\intel_a\code\bin\CATSysDemon.exe [49152 2006-04-29] (Dassault Systemes) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2015-10-11] (Flexera Software LLC)
S3 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [45056 2009-08-07] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256544 2009-07-29] (McAfee, Inc.)
S3 hpqcaslwmiex; C:\Program Files\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34704 2017-09-27] (Google Inc)
R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [261128 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-09-28] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-09-28] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [117368 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [91976 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [766216 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [492552 2017-09-28] (AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\Windows\system32\drivers\avgStm.sys [140648 2017-09-28] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [290264 2017-09-28] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-07] (DT Soft Ltd)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [55296 2016-07-07] (Leaf Networks)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [16688 2007-04-24] (IBM)
S2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2017-01-21] ()
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\system32\Drivers\RsvLock.sys [12528 2009-07-29] (SafeBoot International)
R0 SafeBoot; C:\Windows\system32\Drivers\SafeBoot.sys [109216 2009-07-29] () [File not signed]
S3 SANDRA; D:\Programy\ALT\sandra\SiSoft_Sandra_2010_11611_portable\SiSoftware Sandra Portable\WNt500x86\Sandra.sys [23112 2009-08-08] (SiSoftware)
R0 SbAlg; C:\Windows\system32\Drivers\SbAlg.sys [51408 2009-07-29] (SafeBoot N.V.)
R0 SbFsLock; C:\Windows\system32\Drivers\SbFsLock.sys [12960 2009-07-29] (SafeBoot International)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [40104 2016-10-20] (RapidSolution Software AG)
S3 esgiguard; \??\C:\Program Files\SpyHunter-v4.22.8.4668-Portable-+-integrovaný-crack\SpyHunter v4.22.8.4668 Portable\SpyHunter\esgiguard.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
S1 wfcre; system32\drivers\wfcre.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\Doma\AppData\Local\Temp\tmp25F7.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 18:19 - 2017-09-29 18:19 - 000018218 _____ C:\Users\Doma\Desktop\FRST.txt
2017-09-29 18:18 - 2017-09-29 18:18 - 000007111 _____ C:\Users\Doma\Desktop\aaaaaFixlog.txt
2017-09-29 18:03 - 2017-09-29 18:03 - 001795584 _____ (Farbar) C:\Users\Doma\Desktop\FRST.exe
2017-09-29 17:50 - 2017-09-29 18:17 - 000007291 _____ C:\Users\Doma\Desktop\Fixlog.txt
2017-09-29 17:49 - 2017-09-29 17:49 - 000112640 _____ (forum.viry.cz) C:\Users\Doma\Desktop\FRSTLauncher.exe
2017-09-29 15:43 - 2017-09-29 15:43 - 000000000 ____D C:\Users\Doma\Documents\ProcAlyzer Dumps
2017-09-29 15:32 - 2017-09-29 15:32 - 000000000 ____D C:\rsit
2017-09-29 15:32 - 2017-09-29 15:32 - 000000000 ____D C:\Program Files\trend micro
2017-09-29 14:03 - 2017-09-29 15:36 - 000000000 ____D C:\AdwCleaner
2017-09-29 14:02 - 2017-09-29 14:02 - 008249808 _____ (Malwarebytes) C:\Users\Doma\Desktop\adwcleaner_7.0.3.0.exe
2017-09-29 13:31 - 2017-09-28 19:24 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170929-133129.backup
2017-09-29 13:06 - 2017-09-29 18:19 - 000000000 ____D C:\FRST
2017-09-29 12:55 - 2017-09-29 12:55 - 000000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-09-29 12:55 - 2017-09-29 12:55 - 000000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-09-29 12:55 - 2017-09-29 12:55 - 000000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-09-29 12:54 - 2017-09-29 12:54 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-29 12:54 - 2017-09-29 12:54 - 000002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-09-29 12:54 - 2017-09-29 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-29 12:54 - 2017-05-23 09:22 - 000030128 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean.exe
2017-09-29 11:17 - 2017-09-29 11:17 - 000000079 _____ C:\Windows\wininit.ini
2017-09-29 10:34 - 2017-09-29 12:25 - 000265482 _____ C:\Windows\ntbtlog.txt
2017-09-29 10:31 - 2017-09-29 10:31 - 000001283 _____ C:\Users\Doma\Desktop\procexp – zástupce.lnk
2017-09-29 09:55 - 2017-09-29 09:56 - 000000000 ____D C:\Windows\system32\config\RCCBakup
2017-09-29 09:45 - 2017-09-29 09:45 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-29 09:45 - 2017-09-29 09:45 - 000001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-29 09:45 - 2017-09-29 09:45 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-28 23:26 - 2017-09-28 20:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170928-232626.backup
2017-09-28 22:25 - 2017-09-29 12:12 - 000000000 ____D C:\Users\Doma\AppData\Local\IIIQF
2017-09-28 21:10 - 2017-09-29 11:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-09-28 21:09 - 2017-09-28 21:09 - 000000000 ____D C:\Program Files\Lavasoft
2017-09-28 20:59 - 2017-09-28 20:59 - 000000000 ____D C:\ProgramData\adaware
2017-09-28 20:52 - 2017-09-29 12:55 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-09-28 20:52 - 2017-09-29 12:54 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-09-28 20:26 - 2017-09-28 20:26 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-09-28 20:26 - 2017-09-28 20:26 - 000140648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys
2017-09-28 20:26 - 2017-09-28 20:26 - 000000336 ____H C:\Windows\Tasks\Antivirus Emergency Update.job
2017-09-28 20:26 - 2017-09-28 20:25 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000091976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-09-28 20:26 - 2017-09-28 20:25 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-09-28 20:25 - 2017-09-28 20:25 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-09-28 20:25 - 2017-09-28 20:25 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-09-28 20:25 - 2017-09-28 20:25 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-09-28 20:21 - 2017-09-28 20:21 - 000000978 _____ C:\Users\Public\Desktop\AVG.lnk
2017-09-28 20:21 - 2017-09-28 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-09-28 20:20 - 2017-09-28 20:22 - 000000000 ____D C:\Program Files\AVG
2017-09-28 20:20 - 2017-09-28 20:20 - 000000368 ____H C:\Windows\Tasks\AVG EUpdate Task.job
2017-09-28 20:18 - 2017-09-29 18:11 - 000000000 ____D C:\Users\Doma\AppData\Local\AvgSetupLog
2017-09-28 20:18 - 2017-09-28 20:30 - 000000000 ____D C:\Users\Doma\AppData\Local\Avg
2017-09-28 19:24 - 2017-09-28 23:26 - 000454378 ____R C:\Windows\system32\Drivers\etc\hosts.20170929-100112.backup
2017-09-28 19:24 - 2017-09-28 20:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hostsss
2017-09-28 19:23 - 2017-09-28 19:23 - 000000000 _____ C:\Windows\system32\last.dump
2017-09-28 18:28 - 2017-09-28 18:28 - 000000000 ____D C:\Program Files\AVAST Software
2017-09-27 23:43 - 2017-09-27 23:43 - 000150287 _____ C:\Users\Doma\Desktop\bookmarks-2017-09-27.json
2017-09-27 22:42 - 2017-09-29 16:41 - 000000000 ____D C:\Windows\system32\vxgjcrtk
2017-09-27 20:44 - 2017-09-27 20:44 - 000000004 _____ C:\ProgramData\uyt.3gif
2017-09-27 20:41 - 2017-09-28 20:29 - 000000000 ____D C:\Disk
2017-09-27 20:41 - 2017-09-27 20:41 - 000000000 ____D C:\Windat
2017-09-27 20:39 - 2017-09-27 20:47 - 000001835 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001876 _____ C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001876 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2017-09-27 20:38 - 2017-09-27 20:47 - 000001823 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-09-27 19:58 - 2017-09-27 20:12 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coolmuster
2017-09-27 19:58 - 2017-09-27 20:12 - 000000000 ____D C:\Program Files\Coolmuster
2017-09-27 19:58 - 2017-09-27 19:58 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Coolmuster
2017-09-27 19:53 - 2017-09-27 20:23 - 000000000 ____D C:\Users\Doma\AppData\Roaming\GetRightToGo
2017-09-27 19:36 - 2017-09-27 19:36 - 000000000 ____D C:\ProgramData\wsr
2017-09-27 19:18 - 2017-09-27 19:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wsadb_01009.Wdf
2017-09-27 19:14 - 2017-09-27 19:14 - 000034704 _____ (Google Inc) C:\Windows\system32\Drivers\wsadb.sys
2017-09-27 19:11 - 2017-09-27 19:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-09-27 19:11 - 2017-09-27 19:12 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Wondershare
2017-09-27 19:11 - 2015-02-27 10:35 - 000000232 _____ C:\Windows\system32\dllhost.exe.config
2017-09-27 19:10 - 2017-09-27 19:39 - 000000000 ____D C:\ProgramData\Wondershare
2017-09-27 19:10 - 2017-09-27 19:39 - 000000000 ____D C:\Program Files\Wondershare
2017-09-26 21:19 - 2017-09-26 21:19 - 000000000 ____D C:\ProgramData\Macrovision
2017-09-18 22:43 - 2017-09-18 22:44 - 000000000 ____D C:\Users\Doma\Desktop\Mosnov 2017 vyber
2017-08-31 22:05 - 2017-09-26 19:09 - 000000316 _____ C:\Windows\Tasks\HPCeeScheduleForDoma.job
2017-08-31 22:05 - 2017-08-31 22:05 - 000000000 ____D C:\Users\Doma\AppData\Local\HP_Inc
2017-08-31 16:49 - 2017-08-31 16:49 - 000000000 ____D C:\Users\Doma\AppData\Local\Sebastien.warin.fr
2017-08-31 16:30 - 2017-08-31 17:10 - 000000000 ____D C:\Program Files\Stream What You Hear
2017-08-31 14:32 - 2017-08-31 14:32 - 000002177 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\Users\Doma\AppData\Roaming\Hewlett-Packard
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\Users\Doma\AppData\Local\Hewlett-Packard
2017-08-31 14:32 - 2017-08-31 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-08-31 14:30 - 2017-08-31 17:18 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-08-31 14:30 - 2017-08-31 14:30 - 000000000 ____D C:\System.sav
2017-08-31 14:30 - 2017-08-31 14:30 - 000000000 ____D C:\ProgramData\HP Inc
2017-08-31 14:29 - 2017-08-31 14:29 - 000000000 ____D C:\Program Files\HP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 18:06 - 2009-07-14 06:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-29 18:06 - 2009-07-14 06:34 - 000014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-29 17:58 - 2017-08-24 17:50 - 000000290 __RSH C:\Users\Doma\ntuser.pol
2017-09-29 17:58 - 2013-01-06 21:24 - 000000000 ____D C:\Users\Doma
2017-09-29 17:58 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-29 17:56 - 2016-11-18 14:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-29 17:56 - 2009-07-14 04:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-09-29 17:10 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\system32\oobe
2017-09-29 16:43 - 2013-02-03 14:39 - 000000000 ____D C:\Program Files\Common Files\InstallShield
2017-09-29 16:43 - 2013-01-06 22:44 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-09-29 15:33 - 2015-07-02 21:33 - 000000390 _____ C:\Windows\Tasks\FrequencyCheck.job
2017-09-29 15:06 - 2015-07-10 23:02 - 000000000 ____D C:\Users\Doma\AppData\Roaming\uTorrent
2017-09-29 14:09 - 2009-07-14 06:53 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-29 13:53 - 2013-02-06 13:57 - 000000000 ____D C:\Users\Doma\AppData\Roaming\vlc
2017-09-29 13:51 - 2016-07-16 20:13 - 000000000 ____D C:\Users\Doma\AppData\Roaming\avidemux
2017-09-29 13:08 - 2017-02-11 15:22 - 000000286 _____ C:\native log.txt
2017-09-29 11:41 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2017-09-29 11:38 - 2017-02-11 16:47 - 000000000 ___HD C:\nssJI5bczG1fUuJo
2017-09-29 09:58 - 2017-02-05 15:00 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-29 09:04 - 2017-02-12 10:41 - 000000000 ___SD C:\Users\Doma\AppData\LocalLow\Temp
2017-09-28 21:48 - 2016-03-20 12:48 - 000000000 ____D C:\ProgramData\Avg
2017-09-28 21:20 - 1980-01-04 00:02 - 000000000 ____D C:\Users\Administrator
2017-09-28 20:30 - 2016-03-20 12:59 - 000000000 ____D C:\Users\Doma\AppData\Roaming\AVG
2017-09-28 18:34 - 2013-01-14 17:11 - 000007598 _____ C:\Users\Doma\AppData\Local\Resmon.ResmonCfg
2017-09-28 18:30 - 2013-01-06 23:12 - 000000000 ____D C:\ProgramData\AVAST Software
2017-09-28 00:33 - 2009-07-14 06:33 - 000525984 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-28 00:30 - 2013-01-06 23:26 - 000163368 _____ C:\Users\Doma\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-27 23:45 - 2013-03-10 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2017-09-27 21:49 - 2013-12-08 14:42 - 000000000 ____D C:\Users\Doma\AppData\Roaming\XnView
2017-09-27 21:49 - 2013-01-07 17:59 - 000000000 ____D C:\Users\Doma\AppData\Roaming\DAEMON Tools Lite
2017-09-27 20:47 - 2013-01-06 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2017-09-27 20:43 - 2016-11-20 17:47 - 000000000 ____D C:\Users\Doma\AppData\LocalLow\Mozilla
2017-09-19 18:10 - 2013-01-06 21:26 - 001584756 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-19 18:10 - 2009-07-14 10:44 - 000669164 _____ C:\Windows\system32\perfh005.dat
2017-09-19 18:10 - 2009-07-14 10:44 - 000141790 _____ C:\Windows\system32\perfc005.dat
2017-08-31 14:31 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\Help
2017-08-31 14:30 - 2013-01-06 22:46 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-08-31 14:30 - 2013-01-06 22:45 - 000000000 ____D C:\Users\Doma\AppData\Roaming\hpqLog
2017-08-31 14:28 - 2010-04-20 18:20 - 000000000 ____D C:\SwSetup

==================== Files in the root of some directories =======

2014-01-30 19:23 - 2014-05-30 21:52 - 000003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\AtStart.txt
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\DSwitch.txt
2013-01-06 23:29 - 2016-04-24 11:26 - 000000000 _____ () C:\Users\Doma\AppData\Local\FnF4.txt
2017-04-11 21:52 - 2017-04-11 21:52 - 049740672 _____ (Sony) C:\Users\Doma\AppData\Local\pcc.exe
2013-01-06 23:25 - 2013-01-06 23:25 - 000000000 _____ () C:\Users\Doma\AppData\Local\QSwitch.txt
2013-01-14 17:11 - 2017-09-28 18:34 - 000007598 _____ () C:\Users\Doma\AppData\Local\Resmon.ResmonCfg
2017-01-20 22:17 - 2017-05-03 21:01 - 000000552 _____ () C:\Users\Doma\AppData\Local\TroubleshooterConfig.json
2015-10-11 09:48 - 2015-10-11 09:48 - 000000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-09-27 20:44 - 2017-09-27 20:44 - 000000004 _____ () C:\ProgramData\uyt.3gif

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\SafeBoot.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\Windows\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup\avgsetupx.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\FrequencyCheck.job => c:\programdata\{c6e0f057-e1f6-618f-c6e0-0f057e1fc15f}\sp1 for ds catia v5 6r2014 win32_64.rar.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForDoma.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Doma\AppData\Roaming\ProXoft:RVBA [22]

==================== Security Center ==================

AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Doma\Desktop" je 382 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files\Winamp\winampa.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Securedisk.exe loads the CPU to 100%, please check the log

Posted: 29 Sep 2017 18:01
by Rudy
That's the one, and the deletion went through. Has anything changed?

Re: Securedisk.exe loads the CPU to 100%, please check the log

Posted: 29 Sep 2017 18:43
by lance
Unfortunately it's the same, it's chugging away at 100% again. The only time securedisk stops loading it at 100% is when I turn off the Wi-Fi and kill securedisk itself; then it's normal. When I turn the network on, it's 100% again. Also, in safe mode with the network on it behaves normally.

Re: Securedisk.exe loads the CPU to 100%, please check the log

Posted: 29 Sep 2017 18:55
by Rudy
Then one more fixlist. Open Notepad and copy this into it:
Start
C:\Disk\securedisk.exe

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Securedisk.exe loads the CPU to 100%, please check the log

Posted: 29 Sep 2017 19:10
by lance
securedisk is still at 100%. It still holds that when I turn off the network, it stops.



Fix result of Farbar Recovery Scan Tool (x86) Version: 26-09-2017 01
Ran by Doma (29-09-2017 20:02:52) Run:2
Running from C:\Users\Doma\Desktop
Loaded Profiles: Doma (Available Profiles: Doma & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
C:\Disk\securedisk.exe

EmptyTemp:
End
*****************

C:\Disk\securedisk.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4326875 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 320325 B
Edge => 0 B
Chrome => 0 B
Firefox => 17337950 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 1172 B
NetworkService => 692 B
Doma => 205943 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 29.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:03:07 ====

Re: Securedisk.exe loads the CPU to 100%, please check the log

Posted: 29 Sep 2017 19:58
by Rudy
This should delete it and the load should stop. It belongs to PCTools. Look in msconfig (Start menu > command line, type msconfig > Enter) and check whether it is listed under Services or under Startup, and untick the checkbox next to its entry.

Re: Securedisk.exe loads the CPU to 100%, please check the log

Posted: 29 Sep 2017 20:36
by lance
Under Startup I have these programs; I don't know whether what we're looking for is there, and under Services I have no idea at all what to stop. Please have a look at the attachment, there is a RAR with screenshots; I don't know what I should stop.