
Preventive check

Posted: 04 Feb 2018 13:53
by Tomas 34
Hello, I would like to ask for a check.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Rodina at 2018-02-04 13:47:18
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 534 GB (56%) free of 954 GB
Total RAM: 4041 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:47:20, on 4.2.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\VM305_STI.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\trend micro\Rodina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16194
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE USB PC Camera VC305
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [ZoneAlarm Windows 10 Upgrader] "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ZoneAlarm Windows 10 Upgrader] "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9568 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
AvastUI.exe /nogui
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -startup
"taskhost.exe"
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Windows\VM305_STI.EXE" USB PC Camera VC305
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
KHALMNPR.EXE /API
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.0.932331426\434692344" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" "C:\Users\Rodina\AppData\LocalLow\Mozilla\Temp-{34f96f2c-cc1d-4ed0-912f-bdd8b6a42925}" 4244 "\\.\pipe\gecko-crash-server-pipe.4244" gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.3.453208601\1070060909" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:2|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{34f96f2c-cc1d-4ed0-912f-bdd8b6a42925}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4244 "\\.\pipe\gecko-crash-server-pipe.4244" tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.13.1175463577\865556385" -childID 2 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:2|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{34f96f2c-cc1d-4ed0-912f-bdd8b6a42925}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4244 "\\.\pipe\gecko-crash-server-pipe.4244" tab
"C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="4244.34.1330420446\395121771" -childID 5 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:20|35:5|36:10|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|99:2|100:1|115:5000|125:0|127:0|138:10000|150:-1|158:24|159:32768|161:0|162:0|170:2|174:1048576|175:100|176:5000|178:600|180:1|188:20|191:4|195:0|204:60000| -boolPrefs 1:0|2:0|4:0|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:0|85:0|86:0|88:0|89:0|90:1|91:1|92:1|95:1|96:0|98:0|101:1|102:0|109:0|114:0|117:1|120:1|122:1|126:0|129:1|132:1|133:1|139:1|140:0|141:1|143:0|149:0|151:1|152:0|153:1|156:0|157:0|160:1|163:0|165:1|167:1|168:0|177:1|182:0|183:0|184:0|185:1|186:0|187:0|189:1|190:1|193:0|196:0|197:0|198:1|199:1|200:0|201:1|202:1|203:1|205:0|206:0|208:0|217:1|218:1|219:0|220:0|221:0| -stringPrefs "3:7;release|97:0;|142:3;1.0|154:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|155:4;high|192:38;{34f96f2c-cc1d-4ed0-912f-bdd8b6a42925}|" -schedulerPrefs 0001,2 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" 4244 "\\.\pipe\gecko-crash-server-pipe.4244" tab
C:\Windows\system32\svchost.exe -k SDRSVC
taskeng.exe {03E0D6CF-18DB-40E4-AD4D-E98615AD9BF0}
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

"C:\Users\Rodina\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job - C:\Program Files (x86)\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart

=========Mozilla firefox=========

ProfilePath - C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/?clid=22668"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=quick ... earchTerms}&"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.161.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.137 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppluginrichmediaplayer.dll

C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\searchplugins\
seznam-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-10 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-30 474688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-10 820672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-30 188992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-01-23 134416]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-12-29 246120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-03-26 291608]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17 1160408]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2013-03-27 73832]
"BigDog305"=C:\Windows\VM305_STI.EXE [2007-01-05 61440]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2018-02-04 13:47:18 ----D---- C:\rsit
2018-02-04 13:39:23 ----D---- C:\ProgramData\SWCUTemp

======List of files/folders modified in the last 1 month======

2018-02-04 13:47:20 ----D---- C:\Program Files\trend micro
2018-02-04 13:40:19 ----A---- C:\Windows\SYSWOW64\log.txt
2018-02-04 13:39:23 ----D---- C:\ProgramData
2018-02-04 13:38:55 ----D---- C:\Windows\temp
2018-02-04 13:37:39 ----D---- C:\Windows\inf
2018-02-04 13:37:36 ----D---- C:\Windows
2018-02-04 13:35:51 ----D---- C:\Oblivione
2018-02-04 13:27:13 ----RD---- C:\Program Files (x86)
2018-02-04 13:26:42 ----D---- C:\Program Files
2018-02-04 13:07:48 ----D---- C:\Windows\system32\config
2018-02-04 12:57:35 ----RSD---- C:\Windows\Fonts
2018-02-04 12:57:30 ----D---- C:\Windows\Prefetch
2018-02-04 12:55:46 ----D---- C:\Program Files (x86)\DsNET Corp
2018-02-04 12:55:44 ----D---- C:\Windows\SysWOW64
2018-02-04 12:55:22 ----SHD---- C:\Windows\Installer
2018-02-04 12:55:20 ----SHD---- C:\Config.Msi
2018-02-04 12:55:20 ----SD---- C:\ProgramData\Microsoft
2018-02-04 12:55:20 ----D---- C:\Program Files (x86)\Microsoft
2018-02-04 12:24:57 ----SHD---- C:\System Volume Information
2018-02-03 16:16:26 ----D---- C:\Users\Rodina\AppData\Roaming\DAEMON Tools Lite
2018-02-03 02:29:07 ----D---- C:\Program Files (x86)\Battle for Wesnoth 1.12.6
2018-02-02 15:03:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-01-31 18:24:16 ----D---- C:\Program Files\Diablo II
2018-01-31 18:20:46 ----D---- C:\Program Files\Diablo
2018-01-31 08:57:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-30 13:01:30 ----D---- C:\Program Files (x86)\Common Files
2018-01-30 13:00:49 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2018-01-30 13:00:27 ----D---- C:\Program Files (x86)\Java
2018-01-30 12:57:42 ----D---- C:\Program Files (x86)\IrfanView
2018-01-26 22:41:38 ----D---- C:\Users\Rodina\AppData\Roaming\Skype
2018-01-26 17:27:57 ----D---- C:\Users\Rodina\AppData\Roaming\discord
2018-01-15 11:35:03 ----D---- C:\Windows\System32
2018-01-15 11:35:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-01-15 11:27:46 ----D---- C:\Windows\system32\catroot2
2018-01-11 04:18:31 ----D---- C:\Windows\system32\drivers
2018-01-09 20:21:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2018-01-09 20:21:04 ----D---- C:\Windows\system32\Macromed
2018-01-09 20:21:02 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2017-12-29 199448]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2017-12-29 343768]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2017-12-29 57696]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-12-29 84384]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-12-29 358672]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2012-03-26 19224]
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2012-11-15 458584]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2017-12-29 185096]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2017-12-29 321512]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2017-12-29 149344]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-09-01 41832]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-12-29 110336]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-12-29 1025176]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-01-10 457896]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-08-19 283064]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2013-02-21 613720]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2012-12-13 450136]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-01-10 146648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-12-29 204456]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2017-11-02 40034184]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2017-11-02 536456]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2017-09-02 96256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-12 4060560]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-01-23 51984]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-01-23 48912]
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-12-29 46976]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2017-03-02 34720]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver; C:\Windows\system32\DRIVERS\ISCTD64.sys [2012-07-24 46016]
S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-01-23 35600]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
S3 NTIOLib_1_0_3;NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 127488]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vvftav;vvftav; C:\Windows\system32\drivers\vvftav.sys [2007-02-02 300800]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001); C:\Windows\system32\drivers\WPRO_41_2001.sys [2012-11-07 34752]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-17 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2017-11-02 472456]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-12-29 301168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-29 165144]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-03-29 277784]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-29 363800]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2013-03-27 2447888]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-12-29 7538536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09 272384]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-01-30 194512]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2013-02-22 497920]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-11 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: Preventive check

Posted: 04 Feb 2018 15:42
by Conder
Hi :)

Are there any problems with the PC, or is this purely a preventive check?

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan (Skenovanie) and wait for it to finish
  • Click Clean (Cistenie) and confirm by clicking OK
  • AdwCleaner will request a PC restart; confirm by clicking Restart Now (Restartovat teraz)
  • After it finishes and the PC has restarted, a log will pop up; copy its contents here

Re: Preventive check

Posted: 04 Feb 2018 16:00
by Tomas 34
There isn't really any problem with the PC, except for the web browser: unwanted ads occasionally pop up even with Adblock, and I don't understand why.

# AdwCleaner 7.0.7.0 - Logfile created on Sun Feb 04 14:53:28 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Rodina\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DBF5819-8634-464E-92F4-1F29C1EFF773}
Deleted: [Key] - HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted: [Key] - HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1609 B] - [2018/2/4 14:52:44]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: Preventive check

Posted: 04 Feb 2018 16:03
by Conder
Please post a log from FRST following this guide (paste both logs here): https://forum.viry.cz/viewtopic.php?f=13&t=152707

If FRSTLauncher cannot be downloaded or run, use just FRST on its own.

Re: Preventive check

Posted: 04 Feb 2018 16:18
by Tomas 34
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Rodina (administrator) on RODINA-ALFA (04-02-2018 16:12:35)
Running from C:\Users\Rodina\Desktop
Loaded Profiles: Rodina (Available Profiles: Rodina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Vimicro) C:\Windows\VM305_STI.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-01-23] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-29] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [BigDog305] => C:\Windows\VM305_STI.EXE [61440 2007-01-05] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2014-09-30]
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2014-09-30]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{7BC9349B-20CD-4B80-AFB8-380D54034FFD}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=16194
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {425601D9-A272-4F29-8F7B-E92D232F7794} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {4A0D7262-8A4F-4E81-B8B5-3E7380D66778} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {677820B0-66A2-4D81-AB7A-2D46D631E302} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {68D0EC60-9074-4474-BD93-13BB40CEAA31} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {7146839C-31EB-44EB-BE30-B114A4188A50} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {C28F77C9-FFA9-4A09-AED0-F45DB0E3D83C} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {EA739903-DB5C-4808-9EDA-01B8A98D51BC} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {EFA536D3-FB83-41FA-9C38-5E1FCF44A862} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_16194
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-10] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-30] (Oracle Corporation)
BHO-x32: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-10] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2014-09-30] (Logitech Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default [2018-02-04]
FF Homepage: Mozilla\Firefox\Profiles\esdd1qti.default -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\esdd1qti.default -> about:newtab
FF Extension: (Avast SafePrice) - C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\Extensions\sp@avast.com.xpi [2017-12-06]
FF Extension: (Avast Online Security) - C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\Extensions\wrc@avast.com.xpi [2017-11-01]
FF Extension: (Adblock Plus) - C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF SearchPlugin: C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\searchplugins\seznam-avast.xml [2016-10-20]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4125149103-1521511784-2178673614-1000: @kb-ext.cz/PKIComponent -> C:\Users\Rodina\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-08-19] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-4125149103-1521511784-2178673614-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rodina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js [2018-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\18124305.cfg [2018-02-02] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-03] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.mojebanka.cz/InternetBanking/?L=CS"
CHR Profile: C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default [2018-02-04]
CHR Extension: (Prezentace) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-18]
CHR Extension: (Dokumenty) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-26]
CHR Extension: (Disk Google) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
CHR Extension: (Seznam pro Chrome - Email) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-01-26]
CHR Extension: (Seznam pro Chrome - Esko-) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-01-26]
CHR Extension: (YouTube) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Vyhledávání Google) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
CHR Extension: (Avast SafePrice) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-01-08]
CHR Extension: (Tabulky) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]
CHR Extension: (Seznam pro Chrome - Esko) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-01-26]
CHR Extension: (Gmail) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-29] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-29] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [497920 2013-02-22] (TuneUp Software GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-29] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-29] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-29] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-29] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-29] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-29] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-29] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-29] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-19] (Disc Soft Ltd)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2007-02-02] (Vimicro Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2012-11-07] ()
S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2007-03-08] (Vimicro Corporation)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-04 16:12 - 2018-02-04 16:13 - 000021236 _____ C:\Users\Rodina\Desktop\FRST.txt
2018-02-04 16:12 - 2018-02-04 16:12 - 000000000 ____D C:\FRST
2018-02-04 16:10 - 2018-02-04 16:10 - 002393088 _____ (Farbar) C:\Users\Rodina\Desktop\FRST64.exe
2018-02-04 15:55 - 2018-02-04 15:55 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-04 15:50 - 2018-02-04 15:53 - 000000000 ____D C:\AdwCleaner
2018-02-04 15:49 - 2018-02-04 15:49 - 008206624 _____ (Malwarebytes) C:\Users\Rodina\Desktop\adwcleaner_7.0.7.0.exe
2018-02-04 14:07 - 2018-02-04 14:07 - 000000831 _____ C:\DelFix.txt
2018-02-04 12:32 - 2018-02-04 12:32 - 000000000 ____D C:\Users\Rodina\AppData\Local\AVAST Software
2018-01-26 17:27 - 2018-01-26 17:27 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-04 16:12 - 2016-11-18 12:47 - 000000000 ____D C:\Users\Rodina\AppData\LocalLow\Mozilla
2018-02-04 16:01 - 2009-07-14 05:45 - 000051792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-04 16:01 - 2009-07-14 05:45 - 000051792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-04 16:00 - 2013-02-22 23:00 - 000000500 _____ C:\Windows\Tasks\1-Click Maintenance.job
2018-02-04 15:54 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-04 15:53 - 2017-04-21 08:10 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-02-04 15:53 - 2013-04-28 13:34 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\CheckPoint
2018-02-04 13:47 - 2013-04-26 14:07 - 000000000 ____D C:\Program Files\trend micro
2018-02-04 13:37 - 2009-07-14 05:45 - 000418408 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-04 13:37 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-04 13:35 - 2013-02-27 23:23 - 000000000 ____D C:\Oblivione
2018-02-04 13:33 - 2014-12-10 23:30 - 000000000 ____D C:\Users\Rodina\Desktop\Project
2018-02-04 13:21 - 2013-02-22 16:00 - 000110224 _____ C:\Users\Rodina\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-04 13:19 - 2013-02-25 01:13 - 000000000 ____D C:\Users\Rodina\Documents\My Games
2018-02-04 12:56 - 2016-09-06 16:12 - 000000000 ____D C:\Users\Rodina\AppData\Local\Jagex
2018-02-04 12:55 - 2013-02-27 02:00 - 000000000 ____D C:\Program Files (x86)\DsNET Corp
2018-02-04 12:53 - 2014-03-09 11:02 - 000000000 ____D C:\Users\Rodina\Downloads\Reloaded
2018-02-03 16:16 - 2013-02-22 23:24 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\DAEMON Tools Lite
2018-02-03 02:29 - 2017-12-10 15:56 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-02-03 02:29 - 2017-06-27 04:51 - 000003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458739073
2018-02-03 02:29 - 2017-06-17 22:51 - 000000000 ____D C:\Program Files (x86)\Battle for Wesnoth 1.12.6
2018-02-03 02:29 - 2016-04-24 16:57 - 000003080 _____ C:\Windows\System32\Tasks\{9652A645-F8F5-474A-B577-98194762A502}
2018-02-03 02:29 - 2016-04-16 15:10 - 000003080 _____ C:\Windows\System32\Tasks\{CBFCB417-EF30-44B0-9800-9B703D5D3A5C}
2018-02-03 02:29 - 2016-02-19 21:33 - 000003082 _____ C:\Windows\System32\Tasks\{6B4A1900-A739-4604-A0B4-16E1950FBD77}
2018-02-03 02:29 - 2015-10-16 09:12 - 000003082 _____ C:\Windows\System32\Tasks\{867C90EF-DF71-45DA-95E4-F3564D41E4F4}
2018-02-03 02:29 - 2015-05-06 16:17 - 000002996 _____ C:\Windows\System32\Tasks\{AE038F15-E611-49A2-914D-1CFF3C388222}
2018-02-03 02:29 - 2015-05-06 16:16 - 000003256 _____ C:\Windows\System32\Tasks\{CA81B40D-5C12-47BA-AD8C-FAFEA3A30C73}
2018-02-03 02:29 - 2015-05-06 15:58 - 000003180 _____ C:\Windows\System32\Tasks\{DFDBD586-21BA-4772-95E4-1F6B943A5889}
2018-02-03 02:29 - 2015-03-18 21:54 - 000003078 _____ C:\Windows\System32\Tasks\{D6D000CE-CF9A-45D1-8A86-DFAD9B56DC6C}
2018-02-03 02:29 - 2015-03-18 16:34 - 000003078 _____ C:\Windows\System32\Tasks\{7A84D0C2-89DA-4130-B291-2F114A2D4EBE}
2018-02-03 02:29 - 2015-02-14 13:03 - 000002902 _____ C:\Windows\System32\Tasks\{D325217C-D133-4225-A0F2-7F69AFFAFB0A}
2018-02-03 02:29 - 2015-02-14 13:03 - 000002902 _____ C:\Windows\System32\Tasks\{A4135ACA-4BCA-4143-A94A-356F3D97BA4C}
2018-02-03 02:29 - 2014-12-17 13:58 - 000003176 _____ C:\Windows\System32\Tasks\{EC9C2D46-F574-44C8-AD27-B2E3B536FE17}
2018-02-03 02:29 - 2014-07-29 21:45 - 000003398 _____ C:\Windows\System32\Tasks\{A7723CAE-5150-4874-ADD8-B21C09FEB316}
2018-02-03 02:29 - 2014-07-21 00:15 - 000003182 _____ C:\Windows\System32\Tasks\{1E1272A6-E49C-460A-9576-F7F478AAC5A5}
2018-02-03 02:29 - 2014-07-20 23:03 - 000003170 _____ C:\Windows\System32\Tasks\{E97ACBE5-ED7E-463B-AF0B-DEF5879876D4}
2018-02-03 02:29 - 2014-07-20 22:58 - 000003168 _____ C:\Windows\System32\Tasks\{1DD0D418-14C4-4491-87D6-214363488185}
2018-02-03 02:29 - 2014-07-20 22:54 - 000003150 _____ C:\Windows\System32\Tasks\{C9C7B615-BFC9-49A3-B3F3-074E786ACF3B}
2018-02-03 02:29 - 2013-10-15 15:14 - 000003044 _____ C:\Windows\System32\Tasks\{C6AB412B-2D04-45A0-ACCD-8592780FF154}
2018-02-03 02:29 - 2013-10-15 15:13 - 000003044 _____ C:\Windows\System32\Tasks\{097C44D7-0C9C-4596-A4D2-8D8EAA0B44FB}
2018-02-03 02:29 - 2013-07-13 17:03 - 000003138 _____ C:\Windows\System32\Tasks\{1B224B9B-3671-4725-BE39-DAB60317AA61}
2018-02-03 02:29 - 2013-07-13 16:31 - 000002902 _____ C:\Windows\System32\Tasks\{5E77FD14-B69F-49A8-9B5B-C2BCE1BF4490}
2018-02-03 02:29 - 2013-07-13 16:31 - 000002902 _____ C:\Windows\System32\Tasks\{445551DE-A5AC-4999-91F0-B21D4CB468DE}
2018-02-03 02:29 - 2013-07-13 16:30 - 000002902 _____ C:\Windows\System32\Tasks\{BC1159A4-5EFF-451B-9890-8DA21F8D534A}
2018-02-03 02:29 - 2013-07-13 16:30 - 000002902 _____ C:\Windows\System32\Tasks\{29CC9A38-BC47-4824-8722-4568B1308AD5}
2018-02-03 02:29 - 2013-07-13 16:16 - 000003040 _____ C:\Windows\System32\Tasks\{589DD857-6191-4977-8262-6C903A41EFA6}
2018-02-03 02:29 - 2013-05-08 11:32 - 000003186 _____ C:\Windows\System32\Tasks\{64BF5446-6532-424E-A543-C179979FB228}
2018-02-03 02:29 - 2013-04-26 13:37 - 000003250 _____ C:\Windows\System32\Tasks\{53DDC89C-8B98-4601-A5EB-E31B18B2255E}
2018-02-03 02:29 - 2013-02-26 12:17 - 000002902 _____ C:\Windows\System32\Tasks\{FA6069B3-E37B-4D30-B4D9-3EB2A9DE5FBD}
2018-02-03 02:29 - 2013-02-26 12:17 - 000002902 _____ C:\Windows\System32\Tasks\{28290B50-6288-4955-A9CC-AFF8CFBD734D}
2018-02-03 02:29 - 2013-02-24 20:53 - 000003162 _____ C:\Windows\System32\Tasks\{6B7ACBBC-0A80-4717-89F1-739AC94AD795}
2018-02-03 02:29 - 2013-02-24 14:35 - 000002966 _____ C:\Windows\System32\Tasks\{6C4A1BF5-136A-4CD1-A389-273A9E724E83}
2018-02-03 02:29 - 2013-02-24 14:22 - 000002968 _____ C:\Windows\System32\Tasks\{8738BFF0-79A8-47B6-8EE3-29F7C3FF5F44}
2018-02-03 02:29 - 2013-02-22 23:20 - 000002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-03 02:29 - 2013-02-22 23:00 - 000004146 _____ C:\Windows\System32\Tasks\1-Click Maintenance
2018-02-03 02:29 - 2013-02-22 21:05 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-03 02:29 - 2013-02-22 16:23 - 000003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 02:29 - 2013-02-22 16:23 - 000003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-02 15:03 - 2016-11-18 10:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-31 18:24 - 2014-04-06 14:47 - 000000000 ____D C:\Program Files\Diablo II
2018-01-31 18:20 - 2013-10-15 15:15 - 000000000 ____D C:\Program Files\Diablo
2018-01-31 08:57 - 2013-02-22 16:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-30 13:00 - 2013-10-16 14:33 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-30 13:00 - 2013-10-16 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-30 13:00 - 2013-07-22 15:35 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-30 12:59 - 2013-02-22 16:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2018-01-30 12:57 - 2013-02-24 20:49 - 000000000 ____D C:\Program Files (x86)\IrfanView
2018-01-26 22:41 - 2013-02-22 16:06 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\Skype
2018-01-26 17:27 - 2016-12-16 22:58 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\discord
2018-01-26 17:26 - 2016-12-16 22:57 - 000000000 ____D C:\Users\Rodina\AppData\Local\Discord
2018-01-18 18:47 - 2014-06-24 07:14 - 004910592 ___SH C:\Users\Rodina\Desktop\Thumbs.db
2018-01-15 11:35 - 2011-04-12 09:34 - 000672136 _____ C:\Windows\system32\perfh005.dat
2018-01-15 11:35 - 2011-04-12 09:34 - 000142732 _____ C:\Windows\system32\perfc005.dat
2018-01-15 11:35 - 2009-07-14 06:13 - 001593214 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-10 19:45 - 2013-04-27 21:33 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 19:45 - 2013-04-27 21:33 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 20:21 - 2013-02-22 21:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 20:21 - 2013-02-22 21:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 20:21 - 2013-02-22 21:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 20:21 - 2013-02-22 21:05 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 06:21 - 2013-02-22 16:23 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-07 13:36 - 2009-07-14 06:08 - 000032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-03-09 14:44 - 2014-03-09 14:44 - 000000600 _____ () C:\Users\Rodina\AppData\Roaming\winscp.rnd
2013-03-21 23:03 - 2014-09-24 21:30 - 000180224 _____ () C:\Users\Rodina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-27 23:23 - 2013-04-27 23:23 - 000000017 _____ () C:\Users\Rodina\AppData\Local\resmon.resmoncfg
2014-07-20 23:07 - 2017-07-12 10:56 - 000000022 ____H () C:\Users\Rodina\AppData\Local\xftredahs.dat
2016-12-20 14:08 - 2016-12-20 14:08 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{4E9652A0-5F89-4BDB-8A82-F7BCC8F85225}
2015-07-19 19:59 - 2015-07-19 20:00 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{EAA1BBAF-2256-4D79-AB0C-9FB90CF55A91}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 15:16

==================== End of FRST.txt ============================

Addition.rar
(11.96 KiB) Downloaded 102 times

Re: Preventive check

Posted: 04 Feb 2018 18:30
by Conder
→ There are 2 antivirus programs on the PC (Avast and ZoneAlarm); uninstall one of them (I recommend keeping Avast and uninstalling ZoneAlarm). Write which one you uninstalled.

→ There are also leftovers from Kaspersky AV on the PC; did you uninstall it?

→ Install all important updates via Windows Update (including IE11).

→ Then post a new FRST log.

Re: Preventive check

Posted: 04 Feb 2018 20:51
by Tomas 34
I uninstalled ZoneAlarm.
And I don't even know that I ever installed Kaspersky AV.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Rodina (administrator) on RODINA-ALFA (04-02-2018 20:43:19)
Running from C:\Users\Rodina\Desktop
Loaded Profiles: Rodina (Available Profiles: Rodina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Vimicro) C:\Windows\VM305_STI.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-01-23] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2017-12-29] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [BigDog305] => C:\Windows\VM305_STI.EXE [61440 2007-01-05] (Vimicro)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2014-09-30]
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2014-09-30]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{7BC9349B-20CD-4B80-AFB8-380D54034FFD}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=16194
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {425601D9-A272-4F29-8F7B-E92D232F7794} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {4A0D7262-8A4F-4E81-B8B5-3E7380D66778} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {677820B0-66A2-4D81-AB7A-2D46D631E302} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {68D0EC60-9074-4474-BD93-13BB40CEAA31} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {7146839C-31EB-44EB-BE30-B114A4188A50} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {C28F77C9-FFA9-4A09-AED0-F45DB0E3D83C} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {EA739903-DB5C-4808-9EDA-01B8A98D51BC} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> {EFA536D3-FB83-41FA-9C38-5E1FCF44A862} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_16194
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-12-10] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-30] (Oracle Corporation)
BHO-x32: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-12-10] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-30] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2014-09-30] (Logitech Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default [2018-02-04]
FF Homepage: Mozilla\Firefox\Profiles\esdd1qti.default -> hxxps://www.seznam.cz/?clid=22668
FF NewTab: Mozilla\Firefox\Profiles\esdd1qti.default -> about:newtab
FF Extension: (Avast SafePrice) - C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\Extensions\sp@avast.com.xpi [2017-12-06]
FF Extension: (Avast Online Security) - C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\Extensions\wrc@avast.com.xpi [2017-11-01]
FF Extension: (Adblock Plus) - C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF SearchPlugin: C:\Users\Rodina\AppData\Roaming\Mozilla\Firefox\Profiles\esdd1qti.default\searchplugins\seznam-avast.xml [2016-10-20]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-10-11] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4125149103-1521511784-2178673614-1000: @kb-ext.cz/PKIComponent -> C:\Users\Rodina\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-08-19] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-4125149103-1521511784-2178673614-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rodina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js [2018-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\18124305.cfg [2018-02-02] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-03] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.mojebanka.cz/InternetBanking/?L=CS"
CHR Profile: C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default [2018-02-04]
CHR Extension: (Prezentace) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-18]
CHR Extension: (Dokumenty) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-26]
CHR Extension: (Disk Google) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02]
CHR Extension: (Seznam pro Chrome - Email) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-01-26]
CHR Extension: (Seznam pro Chrome - Esko-) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-01-26]
CHR Extension: (YouTube) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Vyhledávání Google) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
CHR Extension: (Avast SafePrice) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-01-08]
CHR Extension: (Tabulky) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]
CHR Extension: (Seznam pro Chrome - Esko) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-01-26]
CHR Extension: (Gmail) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\Rodina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2017-12-29] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2017-12-29] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [497920 2013-02-22] (TuneUp Software GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185096 2017-12-29] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321512 2017-12-29] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199448 2017-12-29] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343768 2017-12-29] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57696 2017-12-29] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [149344 2017-12-29] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2017-12-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [146648 2018-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110336 2017-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84384 2017-12-29] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1025176 2017-12-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [457896 2018-01-10] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [204456 2017-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [358672 2017-12-29] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-19] (Disc Soft Ltd)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
S3 vvftav; C:\Windows\System32\drivers\vvftav.sys [300800 2007-02-02] (Vimicro Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2012-11-07] ()
S3 ZSMC0305; C:\Windows\System32\Drivers\usbVM305.sys [1541120 2007-03-08] (Vimicro Corporation)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-04 20:43 - 2018-02-04 20:43 - 000019789 _____ C:\Users\Rodina\Desktop\FRST.txt
2018-02-04 20:35 - 2018-02-04 20:35 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-04 20:32 - 2013-10-14 18:00 - 000028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2018-02-04 20:29 - 2018-02-04 20:29 - 024917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 019607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 014404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 012829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 006026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 004305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 002885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-02-04 20:29 - 2018-02-04 20:29 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-02-04 20:29 - 2018-02-04 20:29 - 002426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 002278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 002125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-02-04 20:29 - 2018-02-04 20:29 - 002052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-02-04 20:29 - 2018-02-04 20:29 - 001950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 001309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2018-02-04 20:29 - 2018-02-04 20:29 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2018-02-04 20:29 - 2018-02-04 20:29 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-02-04 20:29 - 2018-02-04 20:29 - 000389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-02-04 20:29 - 2018-02-04 20:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-02-04 20:29 - 2018-02-04 20:29 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-02-04 20:29 - 2018-02-04 20:29 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2018-02-04 20:29 - 2018-02-04 20:29 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2018-02-04 20:29 - 2018-02-04 20:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 005549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-04 20:28 - 2018-02-04 20:28 - 003969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-02-04 20:28 - 2018-02-04 20:28 - 003914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-02-04 20:28 - 2018-02-04 20:28 - 001903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-02-04 20:28 - 2018-02-04 20:28 - 001732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 001292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-02-04 20:28 - 2018-02-04 20:28 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-02-04 20:28 - 2018-02-04 20:28 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-02-04 20:28 - 2018-02-04 20:28 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-02-04 20:28 - 2018-02-04 20:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-02-04 20:12 - 2018-02-04 20:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-04 20:12 - 2018-02-04 20:12 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-04 20:12 - 2018-02-04 20:12 - 000000884 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-04 19:42 - 2018-02-04 19:42 - 000000000 ____D C:\Users\Rodina\AppData\LocalLow\AMD
2018-02-04 19:36 - 2018-02-04 19:36 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-02-04 19:36 - 2018-02-04 19:36 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-02-04 19:35 - 2018-02-04 19:35 - 000000000 ____D C:\Program Files (x86)\AMD
2018-02-04 19:16 - 2018-02-04 19:16 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-04 19:14 - 2018-02-04 19:14 - 000000000 ____D C:\Users\Rodina\AppData\Local\WindowsUpdate
2018-02-04 19:11 - 2014-05-14 17:23 - 002477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-02-04 19:11 - 2014-05-14 17:23 - 000700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-02-04 19:11 - 2014-05-14 17:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-02-04 19:11 - 2014-05-14 17:23 - 000058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2018-02-04 19:11 - 2014-05-14 17:23 - 000044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2018-02-04 19:11 - 2014-05-14 17:23 - 000038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2018-02-04 19:11 - 2014-05-14 17:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2018-02-04 19:11 - 2014-05-14 17:21 - 002620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2018-02-04 19:11 - 2014-05-14 17:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2018-02-04 19:11 - 2014-05-14 17:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2018-02-04 19:11 - 2014-05-14 09:23 - 000198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2018-02-04 19:11 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2018-02-04 19:11 - 2014-05-14 09:20 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2018-02-04 19:11 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2018-02-04 16:12 - 2018-02-04 20:43 - 000000000 ____D C:\FRST
2018-02-04 16:10 - 2018-02-04 16:10 - 002393088 _____ (Farbar) C:\Users\Rodina\Desktop\FRST64.exe
2018-02-04 15:50 - 2018-02-04 15:53 - 000000000 ____D C:\AdwCleaner
2018-02-04 15:49 - 2018-02-04 15:49 - 008206624 _____ (Malwarebytes) C:\Users\Rodina\Desktop\adwcleaner_7.0.7.0.exe
2018-02-04 14:07 - 2018-02-04 14:07 - 000000831 _____ C:\DelFix.txt
2018-02-04 12:32 - 2018-02-04 12:32 - 000000000 ____D C:\Users\Rodina\AppData\Local\AVAST Software
2018-02-01 01:12 - 2018-02-01 01:12 - 011770544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2018-02-01 01:12 - 2018-02-01 01:12 - 009574032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2018-02-01 01:12 - 2018-02-01 01:12 - 000173216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2018-02-01 01:12 - 2018-02-01 01:12 - 000161344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2018-02-01 01:12 - 2018-02-01 01:12 - 000143864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2018-02-01 01:12 - 2018-02-01 01:12 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2018-02-01 01:12 - 2018-02-01 01:12 - 000009936 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 015728520 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 014318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 013242384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 012359728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 011825664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 001555488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000700296 _____ (AMD) C:\Windows\system32\atieclxx.exe
2018-02-01 01:11 - 2018-02-01 01:11 - 000536968 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2018-02-01 01:11 - 2018-02-01 01:11 - 000475016 _____ (AMD) C:\Windows\system32\atitmm64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000472456 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2018-02-01 01:11 - 2018-02-01 01:11 - 000470920 _____ C:\Windows\system32\dgtrayicon.exe
2018-02-01 01:11 - 2018-02-01 01:11 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000449416 _____ C:\Windows\system32\GameManager64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000405384 _____ C:\Windows\system32\atieah64.exe
2018-02-01 01:11 - 2018-02-01 01:11 - 000357256 _____ C:\Windows\SysWOW64\GameManager32.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000342920 _____ C:\Windows\system32\clinfo.exe
2018-02-01 01:11 - 2018-02-01 01:11 - 000325512 _____ C:\Windows\SysWOW64\atieah32.exe
2018-02-01 01:11 - 2018-02-01 01:11 - 000224136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000197000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000163720 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000144776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000139656 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000115592 _____ (AMD) C:\Windows\system32\atimuixx.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2018-02-01 01:11 - 2018-02-01 01:11 - 000068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 065594248 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 041570184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2018-02-01 01:10 - 2018-02-01 01:10 - 031553416 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 025145224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 016034696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 015434120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 012924808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 002933128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 002541448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 001462664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 001237896 _____ (AMD) C:\Windows\system32\SET9818.tmp
2018-02-01 01:10 - 2018-02-01 01:10 - 001237896 _____ (AMD) C:\Windows\system32\coinst_17.50.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000694152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000547208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000461192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000436616 _____ C:\Windows\system32\amdgfxinfo64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000352136 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2018-02-01 01:10 - 2018-02-01 01:10 - 000305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2018-02-01 01:10 - 2018-02-01 01:10 - 000170888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000149896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2018-02-01 01:10 - 2018-02-01 01:10 - 000065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2018-02-01 01:10 - 2018-02-01 01:10 - 000033160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 051029384 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 029519240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 013607304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 000157064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2018-02-01 01:09 - 2018-02-01 01:09 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2018-02-01 01:08 - 2018-02-01 01:08 - 035689864 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2018-02-01 00:24 - 2018-02-01 00:24 - 000858720 _____ C:\Windows\SysWOW64\atiapfxx.blb
2018-02-01 00:24 - 2018-02-01 00:24 - 000858720 _____ C:\Windows\system32\atiapfxx.blb
2018-02-01 00:18 - 2018-02-01 00:18 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2018-02-01 00:17 - 2018-02-01 00:17 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2018-02-01 00:17 - 2018-02-01 00:17 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2018-02-01 00:17 - 2018-02-01 00:17 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2018-02-01 00:17 - 2018-02-01 00:17 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2018-02-01 00:12 - 2018-02-01 00:12 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2018-01-31 19:11 - 2018-01-31 19:11 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2018-01-31 19:11 - 2018-01-31 19:11 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2018-01-26 17:27 - 2018-01-26 17:27 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-04 20:41 - 2016-11-18 12:47 - 000000000 ____D C:\Users\Rodina\AppData\LocalLow\Mozilla
2018-02-04 20:41 - 2011-04-12 09:34 - 000672136 _____ C:\Windows\system32\perfh005.dat
2018-02-04 20:41 - 2011-04-12 09:34 - 000142732 _____ C:\Windows\system32\perfc005.dat
2018-02-04 20:41 - 2009-07-14 06:13 - 001593214 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-04 20:41 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-04 20:40 - 2009-07-14 05:45 - 000051792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-04 20:40 - 2009-07-14 05:45 - 000051792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-04 20:36 - 2015-09-16 21:27 - 000001357 _____ C:\Users\Rodina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-02-04 20:36 - 2013-02-22 23:00 - 000000500 _____ C:\Windows\Tasks\1-Click Maintenance.job
2018-02-04 20:35 - 2012-10-10 10:11 - 000000000 ____D C:\Windows\Panther
2018-02-04 20:34 - 2017-04-21 08:10 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-02-04 20:34 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-04 20:33 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-02-04 20:12 - 2013-02-22 16:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-04 20:10 - 2016-11-18 10:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-04 20:05 - 2009-07-14 05:45 - 000418408 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-04 19:47 - 2017-04-21 08:11 - 000000000 ____D C:\Users\Rodina\AppData\Local\AMD
2018-02-04 19:36 - 2017-12-10 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-02-04 19:27 - 2017-04-21 08:09 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-04 19:26 - 2013-02-22 15:58 - 000000000 ____D C:\Users\Rodina
2018-02-04 19:25 - 2017-12-10 15:48 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-02-04 19:23 - 2012-10-10 10:09 - 000000000 ____D C:\AMD
2018-02-04 19:19 - 2016-09-08 18:28 - 000000000 ____D C:\Program Files (x86)\Arunderan
2018-02-04 19:18 - 2013-02-22 16:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2018-02-04 15:53 - 2013-04-28 13:34 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\CheckPoint
2018-02-04 13:47 - 2013-04-26 14:07 - 000000000 ____D C:\Program Files\trend micro
2018-02-04 13:35 - 2013-02-27 23:23 - 000000000 ____D C:\Oblivione
2018-02-04 13:33 - 2014-12-10 23:30 - 000000000 ____D C:\Users\Rodina\Desktop\Project
2018-02-04 13:21 - 2013-02-22 16:00 - 000110224 _____ C:\Users\Rodina\AppData\Local\GDIPFONTCACHEV1.DAT
2018-02-04 13:19 - 2013-02-25 01:13 - 000000000 ____D C:\Users\Rodina\Documents\My Games
2018-02-04 12:55 - 2013-02-27 02:00 - 000000000 ____D C:\Program Files (x86)\DsNET Corp
2018-02-04 12:53 - 2014-03-09 11:02 - 000000000 ____D C:\Users\Rodina\Downloads\Reloaded
2018-02-03 16:16 - 2013-02-22 23:24 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\DAEMON Tools Lite
2018-02-03 02:29 - 2017-06-27 04:51 - 000003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458739073
2018-02-03 02:29 - 2017-06-17 22:51 - 000000000 ____D C:\Program Files (x86)\Battle for Wesnoth 1.12.6
2018-02-03 02:29 - 2016-04-24 16:57 - 000003080 _____ C:\Windows\System32\Tasks\{9652A645-F8F5-474A-B577-98194762A502}
2018-02-03 02:29 - 2016-04-16 15:10 - 000003080 _____ C:\Windows\System32\Tasks\{CBFCB417-EF30-44B0-9800-9B703D5D3A5C}
2018-02-03 02:29 - 2016-02-19 21:33 - 000003082 _____ C:\Windows\System32\Tasks\{6B4A1900-A739-4604-A0B4-16E1950FBD77}
2018-02-03 02:29 - 2015-10-16 09:12 - 000003082 _____ C:\Windows\System32\Tasks\{867C90EF-DF71-45DA-95E4-F3564D41E4F4}
2018-02-03 02:29 - 2015-05-06 16:17 - 000002996 _____ C:\Windows\System32\Tasks\{AE038F15-E611-49A2-914D-1CFF3C388222}
2018-02-03 02:29 - 2015-05-06 16:16 - 000003256 _____ C:\Windows\System32\Tasks\{CA81B40D-5C12-47BA-AD8C-FAFEA3A30C73}
2018-02-03 02:29 - 2015-05-06 15:58 - 000003180 _____ C:\Windows\System32\Tasks\{DFDBD586-21BA-4772-95E4-1F6B943A5889}
2018-02-03 02:29 - 2015-03-18 21:54 - 000003078 _____ C:\Windows\System32\Tasks\{D6D000CE-CF9A-45D1-8A86-DFAD9B56DC6C}
2018-02-03 02:29 - 2015-03-18 16:34 - 000003078 _____ C:\Windows\System32\Tasks\{7A84D0C2-89DA-4130-B291-2F114A2D4EBE}
2018-02-03 02:29 - 2015-02-14 13:03 - 000002902 _____ C:\Windows\System32\Tasks\{D325217C-D133-4225-A0F2-7F69AFFAFB0A}
2018-02-03 02:29 - 2015-02-14 13:03 - 000002902 _____ C:\Windows\System32\Tasks\{A4135ACA-4BCA-4143-A94A-356F3D97BA4C}
2018-02-03 02:29 - 2014-12-17 13:58 - 000003176 _____ C:\Windows\System32\Tasks\{EC9C2D46-F574-44C8-AD27-B2E3B536FE17}
2018-02-03 02:29 - 2014-07-29 21:45 - 000003398 _____ C:\Windows\System32\Tasks\{A7723CAE-5150-4874-ADD8-B21C09FEB316}
2018-02-03 02:29 - 2014-07-21 00:15 - 000003182 _____ C:\Windows\System32\Tasks\{1E1272A6-E49C-460A-9576-F7F478AAC5A5}
2018-02-03 02:29 - 2014-07-20 23:03 - 000003170 _____ C:\Windows\System32\Tasks\{E97ACBE5-ED7E-463B-AF0B-DEF5879876D4}
2018-02-03 02:29 - 2014-07-20 22:58 - 000003168 _____ C:\Windows\System32\Tasks\{1DD0D418-14C4-4491-87D6-214363488185}
2018-02-03 02:29 - 2014-07-20 22:54 - 000003150 _____ C:\Windows\System32\Tasks\{C9C7B615-BFC9-49A3-B3F3-074E786ACF3B}
2018-02-03 02:29 - 2013-10-15 15:14 - 000003044 _____ C:\Windows\System32\Tasks\{C6AB412B-2D04-45A0-ACCD-8592780FF154}
2018-02-03 02:29 - 2013-10-15 15:13 - 000003044 _____ C:\Windows\System32\Tasks\{097C44D7-0C9C-4596-A4D2-8D8EAA0B44FB}
2018-02-03 02:29 - 2013-07-13 17:03 - 000003138 _____ C:\Windows\System32\Tasks\{1B224B9B-3671-4725-BE39-DAB60317AA61}
2018-02-03 02:29 - 2013-07-13 16:31 - 000002902 _____ C:\Windows\System32\Tasks\{5E77FD14-B69F-49A8-9B5B-C2BCE1BF4490}
2018-02-03 02:29 - 2013-07-13 16:31 - 000002902 _____ C:\Windows\System32\Tasks\{445551DE-A5AC-4999-91F0-B21D4CB468DE}
2018-02-03 02:29 - 2013-07-13 16:30 - 000002902 _____ C:\Windows\System32\Tasks\{BC1159A4-5EFF-451B-9890-8DA21F8D534A}
2018-02-03 02:29 - 2013-07-13 16:30 - 000002902 _____ C:\Windows\System32\Tasks\{29CC9A38-BC47-4824-8722-4568B1308AD5}
2018-02-03 02:29 - 2013-07-13 16:16 - 000003040 _____ C:\Windows\System32\Tasks\{589DD857-6191-4977-8262-6C903A41EFA6}
2018-02-03 02:29 - 2013-05-08 11:32 - 000003186 _____ C:\Windows\System32\Tasks\{64BF5446-6532-424E-A543-C179979FB228}
2018-02-03 02:29 - 2013-04-26 13:37 - 000003250 _____ C:\Windows\System32\Tasks\{53DDC89C-8B98-4601-A5EB-E31B18B2255E}
2018-02-03 02:29 - 2013-02-26 12:17 - 000002902 _____ C:\Windows\System32\Tasks\{FA6069B3-E37B-4D30-B4D9-3EB2A9DE5FBD}
2018-02-03 02:29 - 2013-02-26 12:17 - 000002902 _____ C:\Windows\System32\Tasks\{28290B50-6288-4955-A9CC-AFF8CFBD734D}
2018-02-03 02:29 - 2013-02-24 20:53 - 000003162 _____ C:\Windows\System32\Tasks\{6B7ACBBC-0A80-4717-89F1-739AC94AD795}
2018-02-03 02:29 - 2013-02-24 14:35 - 000002966 _____ C:\Windows\System32\Tasks\{6C4A1BF5-136A-4CD1-A389-273A9E724E83}
2018-02-03 02:29 - 2013-02-24 14:22 - 000002968 _____ C:\Windows\System32\Tasks\{8738BFF0-79A8-47B6-8EE3-29F7C3FF5F44}
2018-02-03 02:29 - 2013-02-22 23:20 - 000002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-02-03 02:29 - 2013-02-22 23:00 - 000004146 _____ C:\Windows\System32\Tasks\1-Click Maintenance
2018-02-03 02:29 - 2013-02-22 21:05 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-03 02:29 - 2013-02-22 16:23 - 000003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 02:29 - 2013-02-22 16:23 - 000003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-01 01:12 - 2012-07-28 02:13 - 000196400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET79A3.tmp
2018-02-01 01:12 - 2012-07-28 02:13 - 000196400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2018-02-01 01:11 - 2012-09-28 02:22 - 016040912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET3C16.tmp
2018-02-01 01:11 - 2012-09-28 02:22 - 016040912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2018-02-01 01:11 - 2012-07-28 03:13 - 001961272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\SET7AC0.tmp
2018-02-01 01:11 - 2012-07-28 03:13 - 001961272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2018-01-31 18:24 - 2014-04-06 14:47 - 000000000 ____D C:\Program Files\Diablo II
2018-01-31 18:20 - 2013-10-15 15:15 - 000000000 ____D C:\Program Files\Diablo
2018-01-30 13:00 - 2013-10-16 14:33 - 000097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-01-30 13:00 - 2013-10-16 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-30 13:00 - 2013-07-22 15:35 - 000000000 ____D C:\Program Files (x86)\Java
2018-01-30 12:57 - 2013-02-24 20:49 - 000000000 ____D C:\Program Files (x86)\IrfanView
2018-01-26 22:41 - 2013-02-22 16:06 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\Skype
2018-01-26 17:27 - 2016-12-16 22:58 - 000000000 ____D C:\Users\Rodina\AppData\Roaming\discord
2018-01-26 17:26 - 2016-12-16 22:57 - 000000000 ____D C:\Users\Rodina\AppData\Local\Discord
2018-01-18 18:47 - 2014-06-24 07:14 - 004910592 ___SH C:\Users\Rodina\Desktop\Thumbs.db
2018-01-10 19:45 - 2013-04-27 21:33 - 000457896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-01-10 19:45 - 2013-04-27 21:33 - 000146648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-01-09 20:21 - 2013-02-22 21:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 20:21 - 2013-02-22 21:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 20:21 - 2013-02-22 21:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 20:21 - 2013-02-22 21:05 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-09 06:21 - 2013-02-22 16:23 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-07 13:36 - 2009-07-14 06:08 - 000032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-03-09 14:44 - 2014-03-09 14:44 - 000000600 _____ () C:\Users\Rodina\AppData\Roaming\winscp.rnd
2013-03-21 23:03 - 2014-09-24 21:30 - 000180224 _____ () C:\Users\Rodina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-27 23:23 - 2013-04-27 23:23 - 000000017 _____ () C:\Users\Rodina\AppData\Local\resmon.resmoncfg
2014-07-20 23:07 - 2017-07-12 10:56 - 000000022 ____H () C:\Users\Rodina\AppData\Local\xftredahs.dat
2016-12-20 14:08 - 2016-12-20 14:08 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{4E9652A0-5F89-4BDB-8A82-F7BCC8F85225}
2015-07-19 19:59 - 2015-07-19 20:00 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{EAA1BBAF-2256-4D79-AB0C-9FB90CF55A91}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-28 15:16

==================== End of FRST.txt ============================

Addition.rar
(11.42 KiB) Downloaded 90 times

Re: Preventive check

Posted: 04 Feb 2018 21:23
by Conder
Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
    HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    CHR HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
    HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=16194
    SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
    BHO-x32: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
    Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
    Toolbar: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
    
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js [2018-02-02] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\18124305.cfg [2018-02-02] <==== ATTENTION
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-03] <==== ATTENTION
    
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    U1 aswbdisk; no ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    
    2016-12-20 14:08 - 2016-12-20 14:08 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{4E9652A0-5F89-4BDB-8A82-F7BCC8F85225}
    2015-07-19 19:59 - 2015-07-19 20:00 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{EAA1BBAF-2256-4D79-AB0C-9FB90CF55A91}
    
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
    Task: {0AA30FD1-3A38-4D15-8A90-6F93F322B9AA} - System32\Tasks\{1E1272A6-E49C-460A-9576-F7F478AAC5A5} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\DPL_ColorTemp_Effects_Installer.exe -d C:\Users\Rodina\Downloads
    Task: {265EA5A0-C646-4E1F-936C-7DCD8C4E06E1} - System32\Tasks\{1B224B9B-3671-4725-BE39-DAB60317AA61} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\csv11full.exe -d C:\Users\Rodina\Downloads
    Task: {297F67E4-E9A0-4BE3-8672-C1BF1439715F} - System32\Tasks\{64BF5446-6532-424E-A543-C179979FB228} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Guitar Pro 6\crack_x86.exe" -d "C:\Program Files (x86)\Guitar Pro 6"
    Task: {29F42279-D20C-4B75-AFC1-17C18A6ADAC7} - System32\Tasks\{E97ACBE5-ED7E-463B-AF0B-DEF5879876D4} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\DPL_TVSynch_FXs_Installer.exe -d C:\Users\Rodina\Downloads
    Task: {38FA2BB1-1DA3-49BE-B654-9CBEAEF6BE12} - System32\Tasks\{A4135ACA-4BCA-4143-A94A-356F3D97BA4C} => D:\INSTALL.EXE
    Task: {39247EE2-D232-427F-852E-85F1D274454E} - System32\Tasks\{5E77FD14-B69F-49A8-9B5B-C2BCE1BF4490} => D:\INSTALL.EXE
    Task: {615E85AA-FAC1-40BA-B539-BECD2ECB1A0F} - System32\Tasks\{8738BFF0-79A8-47B6-8EE3-29F7C3FF5F44} => C:\Users\Rodina\Desktop\Diablo 2 LOD Keygen.exe
    Task: {62622B9B-0D61-47C4-A837-38F1159B721A} - System32\Tasks\{D325217C-D133-4225-A0F2-7F69AFFAFB0A} => D:\INSTALL.EXE
    Task: {64501D5B-262E-41B9-A3BE-8B5CDE60ECC6} - System32\Tasks\{C6AB412B-2D04-45A0-ACCD-8592780FF154} => C:\Windows\system32\pcalua.exe -a E:\AUTORUN.EXE -d E:\
    Task: {99BE3225-888F-4771-A517-5FA57BACB64D} - System32\Tasks\{EC9C2D46-F574-44C8-AD27-B2E3B536FE17} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" -c /runtemp /addremove
    Task: {9B336D05-EE27-4AE4-91ED-5AB6A4AE97BA} - System32\Tasks\{29CC9A38-BC47-4824-8722-4568B1308AD5} => D:\INSTALL.EXE
    Task: {A06AC9B8-5706-4150-907C-2640D8BAAA72} - System32\Tasks\{28290B50-6288-4955-A9CC-AFF8CFBD734D} => E:\AUTORUN.EXE
    Task: {AA1DF2AE-3B9B-4152-A1A3-8E512CBB5B22} - System32\Tasks\{1DD0D418-14C4-4491-87D6-214363488185} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\DPL_TVNoise_FX_Installer.exe -d C:\Users\Rodina\Downloads
    Task: {B5F73A5F-965D-49D2-9D98-B198A33D5E0B} - System32\Tasks\{445551DE-A5AC-4999-91F0-B21D4CB468DE} => D:\INSTALL.EXE
    Task: {BA18885E-DDCC-40AF-90ED-132BDA31465C} - System32\Tasks\{589DD857-6191-4977-8262-6C903A41EFA6} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
    Task: {D4C0FCDB-C939-44FB-932D-A24F34B97CB0} - System32\Tasks\{CA81B40D-5C12-47BA-AD8C-FAFEA3A30C73} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Rockstar Games\Midnight Club 2\RegSetup.exe" -d "C:\Program Files (x86)\Rockstar Games\Midnight Club 2"
    Task: {E2B15724-3BF1-439D-A59C-7B54E8C935FA} - System32\Tasks\{6C4A1BF5-136A-4CD1-A389-273A9E724E83} => C:\Program Files (x86)\Diablo II\Diablo II.exe
    Task: {E2CE2DD6-A6CE-41E6-AFCF-68F1DDA90463} - System32\Tasks\{BC1159A4-5EFF-451B-9890-8DA21F8D534A} => D:\INSTALL.EXE
    Task: {E2E9D752-8A01-475D-9610-EC1ACCDD796B} - System32\Tasks\{6B7ACBBC-0A80-4717-89F1-739AC94AD795} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\cestina_pro_irfanview.exe -d C:\Users\Rodina\Downloads
    Task: {EC1009AE-7FCF-46AA-92BA-D974C3CF8502} - System32\Tasks\{FA6069B3-E37B-4D30-B4D9-3EB2A9DE5FBD} => E:\AUTORUN.EXE
    Task: {EF6F220B-595D-4C31-838D-403560F67146} - System32\Tasks\{097C44D7-0C9C-4596-A4D2-8D8EAA0B44FB} => C:\Windows\system32\pcalua.exe -a E:\INSTALL.EXE -d E:\
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [119]
    IE trusted site: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
    IE trusted site: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop as fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

Re: Preventive check

Posted: 04 Feb 2018 21:39
by Tomas 34
Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Rodina (04-02-2018 21:30:28) Run:1
Running from C:\Users\Rodina\Desktop
Loaded Profiles: Rodina (Available Profiles: Rodina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=16194
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
BHO-x32: No Name -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Toolbar: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000 -> ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js [2018-02-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\18124305.cfg [2018-02-02] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-03] <==== ATTENTION

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U1 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

2016-12-20 14:08 - 2016-12-20 14:08 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{4E9652A0-5F89-4BDB-8A82-F7BCC8F85225}
2015-07-19 19:59 - 2015-07-19 20:00 - 000000000 _____ () C:\Users\Rodina\AppData\Local\{EAA1BBAF-2256-4D79-AB0C-9FB90CF55A91}

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
Task: {0AA30FD1-3A38-4D15-8A90-6F93F322B9AA} - System32\Tasks\{1E1272A6-E49C-460A-9576-F7F478AAC5A5} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\DPL_ColorTemp_Effects_Installer.exe -d C:\Users\Rodina\Downloads
Task: {265EA5A0-C646-4E1F-936C-7DCD8C4E06E1} - System32\Tasks\{1B224B9B-3671-4725-BE39-DAB60317AA61} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\csv11full.exe -d C:\Users\Rodina\Downloads
Task: {297F67E4-E9A0-4BE3-8672-C1BF1439715F} - System32\Tasks\{64BF5446-6532-424E-A543-C179979FB228} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Guitar Pro 6\crack_x86.exe" -d "C:\Program Files (x86)\Guitar Pro 6"
Task: {29F42279-D20C-4B75-AFC1-17C18A6ADAC7} - System32\Tasks\{E97ACBE5-ED7E-463B-AF0B-DEF5879876D4} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\DPL_TVSynch_FXs_Installer.exe -d C:\Users\Rodina\Downloads
Task: {38FA2BB1-1DA3-49BE-B654-9CBEAEF6BE12} - System32\Tasks\{A4135ACA-4BCA-4143-A94A-356F3D97BA4C} => D:\INSTALL.EXE
Task: {39247EE2-D232-427F-852E-85F1D274454E} - System32\Tasks\{5E77FD14-B69F-49A8-9B5B-C2BCE1BF4490} => D:\INSTALL.EXE
Task: {615E85AA-FAC1-40BA-B539-BECD2ECB1A0F} - System32\Tasks\{8738BFF0-79A8-47B6-8EE3-29F7C3FF5F44} => C:\Users\Rodina\Desktop\Diablo 2 LOD Keygen.exe
Task: {62622B9B-0D61-47C4-A837-38F1159B721A} - System32\Tasks\{D325217C-D133-4225-A0F2-7F69AFFAFB0A} => D:\INSTALL.EXE
Task: {64501D5B-262E-41B9-A3BE-8B5CDE60ECC6} - System32\Tasks\{C6AB412B-2D04-45A0-ACCD-8592780FF154} => C:\Windows\system32\pcalua.exe -a E:\AUTORUN.EXE -d E:\
Task: {99BE3225-888F-4771-A517-5FA57BACB64D} - System32\Tasks\{EC9C2D46-F574-44C8-AD27-B2E3B536FE17} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" -c /runtemp /addremove
Task: {9B336D05-EE27-4AE4-91ED-5AB6A4AE97BA} - System32\Tasks\{29CC9A38-BC47-4824-8722-4568B1308AD5} => D:\INSTALL.EXE
Task: {A06AC9B8-5706-4150-907C-2640D8BAAA72} - System32\Tasks\{28290B50-6288-4955-A9CC-AFF8CFBD734D} => E:\AUTORUN.EXE
Task: {AA1DF2AE-3B9B-4152-A1A3-8E512CBB5B22} - System32\Tasks\{1DD0D418-14C4-4491-87D6-214363488185} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\DPL_TVNoise_FX_Installer.exe -d C:\Users\Rodina\Downloads
Task: {B5F73A5F-965D-49D2-9D98-B198A33D5E0B} - System32\Tasks\{445551DE-A5AC-4999-91F0-B21D4CB468DE} => D:\INSTALL.EXE
Task: {BA18885E-DDCC-40AF-90ED-132BDA31465C} - System32\Tasks\{589DD857-6191-4977-8262-6C903A41EFA6} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {D4C0FCDB-C939-44FB-932D-A24F34B97CB0} - System32\Tasks\{CA81B40D-5C12-47BA-AD8C-FAFEA3A30C73} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Rockstar Games\Midnight Club 2\RegSetup.exe" -d "C:\Program Files (x86)\Rockstar Games\Midnight Club 2"
Task: {E2B15724-3BF1-439D-A59C-7B54E8C935FA} - System32\Tasks\{6C4A1BF5-136A-4CD1-A389-273A9E724E83} => C:\Program Files (x86)\Diablo II\Diablo II.exe
Task: {E2CE2DD6-A6CE-41E6-AFCF-68F1DDA90463} - System32\Tasks\{BC1159A4-5EFF-451B-9890-8DA21F8D534A} => D:\INSTALL.EXE
Task: {E2E9D752-8A01-475D-9610-EC1ACCDD796B} - System32\Tasks\{6B7ACBBC-0A80-4717-89F1-739AC94AD795} => C:\Windows\system32\pcalua.exe -a C:\Users\Rodina\Downloads\cestina_pro_irfanview.exe -d C:\Users\Rodina\Downloads
Task: {EC1009AE-7FCF-46AA-92BA-D974C3CF8502} - System32\Tasks\{FA6069B3-E37B-4D30-B4D9-3EB2A9DE5FBD} => E:\AUTORUN.EXE
Task: {EF6F220B-595D-4C31-838D-403560F67146} - System32\Tasks\{097C44D7-0C9C-4596-A4D2-8D8EAA0B44FB} => C:\Windows\system32\pcalua.exe -a E:\INSTALL.EXE -d E:\
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [119]
IE trusted site: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Windows 10 Upgrader" => removed successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\SOFTWARE\Policies\Google" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} => key not found
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" => removed successfully
"HKLM\Software\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} => key not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
"HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found
"HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => removed successfully
HKLM\Software\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => key not found
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js => moved successfully
C:\Program Files (x86)\mozilla firefox\18124305.cfg => moved successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\lmimirr" => removed successfully
lmimirr => service removed successfully
"HKLM\System\CurrentControlSet\Services\MBAMSwissArmy" => removed successfully
MBAMSwissArmy => service removed successfully
"HKLM\System\CurrentControlSet\Services\MSICDSetup" => removed successfully
MSICDSetup => service removed successfully
"HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_3" => removed successfully
NTIOLib_1_0_3 => service removed successfully
"HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C" => removed successfully
NTIOLib_1_0_C => service removed successfully
C:\Users\Rodina\AppData\Local\{4E9652A0-5F89-4BDB-8A82-F7BCC8F85225} => moved successfully
C:\Users\Rodina\AppData\Local\{EAA1BBAF-2256-4D79-AB0C-9FB90CF55A91} => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => removed successfully
HKLM\Software\Classes\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AA30FD1-3A38-4D15-8A90-6F93F322B9AA} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AA30FD1-3A38-4D15-8A90-6F93F322B9AA}" => removed successfully
C:\Windows\System32\Tasks\{1E1272A6-E49C-460A-9576-F7F478AAC5A5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1E1272A6-E49C-460A-9576-F7F478AAC5A5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{265EA5A0-C646-4E1F-936C-7DCD8C4E06E1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{265EA5A0-C646-4E1F-936C-7DCD8C4E06E1}" => removed successfully
C:\Windows\System32\Tasks\{1B224B9B-3671-4725-BE39-DAB60317AA61} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B224B9B-3671-4725-BE39-DAB60317AA61}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{297F67E4-E9A0-4BE3-8672-C1BF1439715F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{297F67E4-E9A0-4BE3-8672-C1BF1439715F}" => removed successfully
C:\Windows\System32\Tasks\{64BF5446-6532-424E-A543-C179979FB228} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{64BF5446-6532-424E-A543-C179979FB228}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29F42279-D20C-4B75-AFC1-17C18A6ADAC7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F42279-D20C-4B75-AFC1-17C18A6ADAC7}" => removed successfully
C:\Windows\System32\Tasks\{E97ACBE5-ED7E-463B-AF0B-DEF5879876D4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E97ACBE5-ED7E-463B-AF0B-DEF5879876D4}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38FA2BB1-1DA3-49BE-B654-9CBEAEF6BE12}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38FA2BB1-1DA3-49BE-B654-9CBEAEF6BE12}" => removed successfully
C:\Windows\System32\Tasks\{A4135ACA-4BCA-4143-A94A-356F3D97BA4C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A4135ACA-4BCA-4143-A94A-356F3D97BA4C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39247EE2-D232-427F-852E-85F1D274454E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39247EE2-D232-427F-852E-85F1D274454E}" => removed successfully
C:\Windows\System32\Tasks\{5E77FD14-B69F-49A8-9B5B-C2BCE1BF4490} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E77FD14-B69F-49A8-9B5B-C2BCE1BF4490}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{615E85AA-FAC1-40BA-B539-BECD2ECB1A0F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{615E85AA-FAC1-40BA-B539-BECD2ECB1A0F}" => removed successfully
C:\Windows\System32\Tasks\{8738BFF0-79A8-47B6-8EE3-29F7C3FF5F44} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8738BFF0-79A8-47B6-8EE3-29F7C3FF5F44}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62622B9B-0D61-47C4-A837-38F1159B721A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62622B9B-0D61-47C4-A837-38F1159B721A}" => removed successfully
C:\Windows\System32\Tasks\{D325217C-D133-4225-A0F2-7F69AFFAFB0A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D325217C-D133-4225-A0F2-7F69AFFAFB0A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64501D5B-262E-41B9-A3BE-8B5CDE60ECC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64501D5B-262E-41B9-A3BE-8B5CDE60ECC6}" => removed successfully
C:\Windows\System32\Tasks\{C6AB412B-2D04-45A0-ACCD-8592780FF154} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6AB412B-2D04-45A0-ACCD-8592780FF154}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99BE3225-888F-4771-A517-5FA57BACB64D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99BE3225-888F-4771-A517-5FA57BACB64D}" => removed successfully
C:\Windows\System32\Tasks\{EC9C2D46-F574-44C8-AD27-B2E3B536FE17} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC9C2D46-F574-44C8-AD27-B2E3B536FE17}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B336D05-EE27-4AE4-91ED-5AB6A4AE97BA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B336D05-EE27-4AE4-91ED-5AB6A4AE97BA}" => removed successfully
C:\Windows\System32\Tasks\{29CC9A38-BC47-4824-8722-4568B1308AD5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{29CC9A38-BC47-4824-8722-4568B1308AD5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A06AC9B8-5706-4150-907C-2640D8BAAA72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A06AC9B8-5706-4150-907C-2640D8BAAA72}" => removed successfully
C:\Windows\System32\Tasks\{28290B50-6288-4955-A9CC-AFF8CFBD734D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28290B50-6288-4955-A9CC-AFF8CFBD734D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA1DF2AE-3B9B-4152-A1A3-8E512CBB5B22}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA1DF2AE-3B9B-4152-A1A3-8E512CBB5B22}" => removed successfully
C:\Windows\System32\Tasks\{1DD0D418-14C4-4491-87D6-214363488185} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1DD0D418-14C4-4491-87D6-214363488185}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5F73A5F-965D-49D2-9D98-B198A33D5E0B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5F73A5F-965D-49D2-9D98-B198A33D5E0B}" => removed successfully
C:\Windows\System32\Tasks\{445551DE-A5AC-4999-91F0-B21D4CB468DE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{445551DE-A5AC-4999-91F0-B21D4CB468DE}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA18885E-DDCC-40AF-90ED-132BDA31465C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA18885E-DDCC-40AF-90ED-132BDA31465C}" => removed successfully
C:\Windows\System32\Tasks\{589DD857-6191-4977-8262-6C903A41EFA6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{589DD857-6191-4977-8262-6C903A41EFA6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4C0FCDB-C939-44FB-932D-A24F34B97CB0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4C0FCDB-C939-44FB-932D-A24F34B97CB0}" => removed successfully
C:\Windows\System32\Tasks\{CA81B40D-5C12-47BA-AD8C-FAFEA3A30C73} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA81B40D-5C12-47BA-AD8C-FAFEA3A30C73}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2B15724-3BF1-439D-A59C-7B54E8C935FA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2B15724-3BF1-439D-A59C-7B54E8C935FA}" => removed successfully
C:\Windows\System32\Tasks\{6C4A1BF5-136A-4CD1-A389-273A9E724E83} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6C4A1BF5-136A-4CD1-A389-273A9E724E83}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2CE2DD6-A6CE-41E6-AFCF-68F1DDA90463}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2CE2DD6-A6CE-41E6-AFCF-68F1DDA90463}" => removed successfully
C:\Windows\System32\Tasks\{BC1159A4-5EFF-451B-9890-8DA21F8D534A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BC1159A4-5EFF-451B-9890-8DA21F8D534A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2E9D752-8A01-475D-9610-EC1ACCDD796B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2E9D752-8A01-475D-9610-EC1ACCDD796B}" => removed successfully
C:\Windows\System32\Tasks\{6B7ACBBC-0A80-4717-89F1-739AC94AD795} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6B7ACBBC-0A80-4717-89F1-739AC94AD795}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC1009AE-7FCF-46AA-92BA-D974C3CF8502}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC1009AE-7FCF-46AA-92BA-D974C3CF8502}" => removed successfully
C:\Windows\System32\Tasks\{FA6069B3-E37B-4D30-B4D9-3EB2A9DE5FBD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA6069B3-E37B-4D30-B4D9-3EB2A9DE5FBD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF6F220B-595D-4C31-838D-403560F67146}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF6F220B-595D-4C31-838D-403560F67146}" => removed successfully
C:\Windows\System32\Tasks\{097C44D7-0C9C-4596-A4D2-8D8EAA0B44FB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{097C44D7-0C9C-4596-A4D2-8D8EAA0B44FB}" => removed successfully
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully
"HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz" => removed successfully
"HKU\S-1-5-21-4125149103-1521511784-2178673614-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojeplatba.cz" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9522583 B
Java, Flash, Steam htmlcache => 1236 B
Windows/system/drivers => 12516453 B
Edge => 0 B
Chrome => 14482734 B
Firefox => 205869733 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 73088 B
Public => 0 B
ProgramData => 0 B
systemprofile => 134665 B
systemprofile32 => 1306961 B
LocalService => 34778 B
NetworkService => 1720 B
Rodina => 236887856 B

RecycleBin => 0 B
EmptyTemp: => 466.6 MB temporary data Removed.

================================

Re: Preventive check

Posted: 04 Feb 2018 21:46
by Conder
:arrow: I'd also like to ask you to run FRST with this fixlist
  • Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CMD: type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js.xBAD"
    CMD: type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\18124305.cfg.xBAD"
    CMD: type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\firefox.cfg.xBAD"
    C:\Program Files (x86)\CheckPoint
    C:\ProgramData\CheckPoint
    C:\Users\Rodina\AppData\Roaming\CheckPoint
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop), copy its contents here
  • If Fixlog.txt has too many characters, pack it into an archive (rar, zip) and send it as an attachment
:arrow: How does the PC look, has anything changed, or are there still any problems? Are ads still popping up?

Re: Preventive check

Posted: 04 Feb 2018 22:03
by Tomas 34
The PC is behaving fine, and it looks like those pop-up ads are gone too :)


Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Rodina (04-02-2018 21:54:52) Run:2
Running from C:\Users\Rodina\Desktop
Loaded Profiles: Rodina (Available Profiles: Rodina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CMD: type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js.xBAD"
CMD: type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\18124305.cfg.xBAD"
CMD: type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\firefox.cfg.xBAD"
C:\Program Files (x86)\CheckPoint
C:\ProgramData\CheckPoint
C:\Users\Rodina\AppData\Roaming\CheckPoint
End
*****************


========= type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\defaults\pref\18124305.js.xBAD" =========

pref("general.config.obscure_value", 0);pref("general.config.filename", "18124305.cfg");pref("network.proxy.type", 2);pref("network.proxy.autoconfig_url", "http://access-unstop.biz/wpad.dat?62283 ... e038042928");pref("network.proxy.autoconfig_url.include_path", true);
========= End of CMD: =========


========= type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\18124305.cfg.xBAD" =========

var certdb;
try { certdb = Components.classes["@mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB2); }
catch (e)
{ certdb = Components.classes["@mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB); }
cert = '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';
certdb.addCertFromBase64(cert, "CT,C,C", "");
========= End of CMD: =========


========= type "C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\firefox.cfg.xBAD" =========


========= End of CMD: =========

"C:\Program Files (x86)\CheckPoint" => not found
C:\ProgramData\CheckPoint => moved successfully
C:\Users\Rodina\AppData\Roaming\CheckPoint => moved successfully

==== End of Fixlog 21:54:52 ====
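An added example, not part of the thread or of FRST: a Python check for the Firefox AutoConfig pattern visible in the quarantined files above (a pref file that loads a .cfg, switches the proxy to a PAC URL, and a .cfg that adds a certificate). The sample strings are constructed, the PAC host is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the quarantined files shown in the Fixlog;
# the PAC host is a placeholder, not the one from the log.
SAMPLE_PREF_JS = (
    'pref("general.config.obscure_value", 0);'
    'pref("general.config.filename", "18124305.cfg");'
    'pref("network.proxy.type", 2);'
    'pref("network.proxy.autoconfig_url", "http://pac.example.invalid/wpad.dat");'
)
SAMPLE_CFG = 'var certdb;\ncertdb.addCertFromBase64(cert, "CT,C,C", "");\n'
CLEAN_PREF_JS = '// default channel prefs\npref("app.update.channel", "release");\n'

# pref("name", value) where value is a quoted string or a bare literal
PREF_RE = re.compile(r'pref\(\s*"([^"]+)"\s*,\s*("(?:[^"\\]|\\.)*"|[^)]*?)\s*\)')

def parse_prefs(text):
    """Return {name: value} for every pref("name", value) call, quotes stripped."""
    return {m.group(1): m.group(2).strip().strip('"') for m in PREF_RE.finditer(text)}

def audit_pref_file(text):
    """Flag the AutoConfig and proxy settings seen in the quarantined pref file."""
    prefs, findings = parse_prefs(text), []
    if "general.config.filename" in prefs:
        findings.append("autoconfig file loaded: " + prefs["general.config.filename"])
    if prefs.get("general.config.obscure_value") == "0":
        findings.append("autoconfig file is read as plain text (obscure_value 0)")
    if prefs.get("network.proxy.type") == "2":  # 2 = proxy taken from a PAC URL
        url = prefs.get("network.proxy.autoconfig_url", "<unset>")
        findings.append("proxy set by PAC URL: " + url)
    return findings

def audit_cfg_file(text):
    """Flag AutoConfig scripts that add a certificate to the certificate database."""
    findings = []
    if "addCertFromBase64" in text:
        # Second argument is the NSS trust string; "C" marks a trusted CA.
        m = re.search(r'addCertFromBase64\([^,]+,\s*"([^"]*)"', text)
        findings.append("adds a certificate, trust string: " + (m.group(1) if m else "?"))
    return findings

if __name__ == "__main__":
    for line in audit_pref_file(SAMPLE_PREF_JS) + audit_cfg_file(SAMPLE_CFG):
        print("[!]", line)
```

On a live system the inputs would be the files under the Firefox install directory's defaults\pref folder and any .cfg they name.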

Re: Preventive check

Posted: 04 Feb 2018 22:06
by Conder
:arrow: So let's also clean up after the tools we used:

Re: Preventive check

Posted: 04 Feb 2018 22:09
by Tomas 34
# DelFix v1.013 - Logfile created 04/02/2018 at 22:08:14
# Updated 17/04/2016 by Xplode
# Username : Rodina - RODINA-ALFA
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Rodina\Desktop\adwcleaner_7.0.7.0.exe
Deleted : C:\Users\Rodina\Desktop\Fixlog.txt
Deleted : C:\Users\Rodina\Desktop\FRST64.exe

########## - EOF - ##########

Re: Preventive check

Posted: 04 Feb 2018 22:13
by Conder
:arrow: The logs look OK now.

Re: Preventive check

Posted: 04 Feb 2018 22:18
by Tomas 34
Many thanks for the help and the check!