
JS miner - CPU under constant load

Posted: 30 Mar 2018 08:44
by mr_tricoder
Hello, my CPU is constantly under load. Avast has blocked JS:miner communication with coinhive.com several times.

I am attaching the FRST log


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by ATAcomp (administrator) on ATACOMP-PC (30-03-2018 09:36:24)
Running from C:\Users\ATAcomp\Desktop
Loaded Profiles: ATAcomp (Available Profiles: ATAcomp & host)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Fujitsu) C:\Program Files\Fujitsu Mouse WI910 Touch\DriverAP4.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-06-06] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [180224 2012-06-21] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [95264 2011-11-01] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)
HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [992816 2007-02-26] (Lenovo)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [62312 2010-03-26] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [Fujitsu Mouse WI910 Touch] => C:\Program Files\Fujitsu Mouse WI910 Touch\DriverSt.exe [48128 2015-12-04] ()
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [433248 2012-05-30] (Lenovo)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-25] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2012-11-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\..\Interfaces\{090AADE9-126C-4DF1-8829-C168EC68B657}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1969540636-3590949601-557156478-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-25] (AVAST Software)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-03-04] (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-16] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: pfqetlg4.default
FF ProfilePath: C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default [2018-03-25]
FF Extension: (Avast SafePrice) - C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default\Extensions\sp@avast.com.xpi [2018-03-25]
FF Extension: (Avast Online Security) - C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default\Extensions\wrc@avast.com.xpi [2018-03-25]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-03-03] [Legacy]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-09-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-14] [Legacy] [not signed]
FF HKU\S-1-5-21-1969540636-3590949601-557156478-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: (ThinkVantage Password Manager) - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2012-11-27] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-16] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-16] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-1969540636-3590949601-557156478-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ATAcomp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-30] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default [2018-03-30]
CHR Extension: (Disk Google) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Vyhledávání Google) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Gmail) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2010-02-05] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-16] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-25] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-25] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 dtsvc; C:\Windows\system32\DTS.exe [98304 2010-02-05] () [File not signed]
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-11-02] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [99904 2016-04-29] ()
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-06-06] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-06-06] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-06-06] (Lenovo Group Limited) [File not signed]
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-28] (Lenovo Group Limited) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-03-25] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-25] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-25] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-25] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-25] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [169536 2018-03-25] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-03-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-03-25] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70576 2018-03-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-03-25] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783608 2018-03-25] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-03-25] (AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [205344 2018-03-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-03-25] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-08] (DT Soft Ltd)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2015-01-05] (LogMeIn, Inc.)
R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [6959616 2010-10-18] (Intel Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 PnkBstrK; C:\Windows\system32\drivers\PnkBstrK.sys [22584 2016-04-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-05] (Duplex Secure Ltd.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [24872 2011-11-01] (Lenovo Group Limited)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2012-11-27] (Lenovo) [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [171104 2017-07-27] (Oracle Corporation)
U3 a4m9ysti; C:\Windows\system32\Drivers\a4m9ysti.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U3 a5g5wn8q; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 09:36 - 2018-03-30 09:37 - 000019534 _____ C:\Users\ATAcomp\Desktop\FRST.txt
2018-03-30 09:34 - 2018-03-30 09:36 - 000000000 ____D C:\FRST
2018-03-30 09:33 - 2018-03-30 09:33 - 001764352 _____ (Farbar) C:\Users\ATAcomp\Desktop\FRST.exe
2018-03-30 09:29 - 2018-03-30 09:29 - 000001886 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Users\Public\Foxit Software
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Foxit Software
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Foxit AgentInformation
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\ProgramData\Foxit Software
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Program Files\Foxit Software
2018-03-30 09:01 - 2018-03-30 09:01 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\ATAcomp\Desktop\WiNlOgOn.exe
2018-03-30 08:58 - 2018-03-30 09:03 - 000002224 _____ C:\Users\ATAcomp\Desktop\Rkill.txt
2018-03-30 08:57 - 2018-03-30 08:57 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\ATAcomp\Desktop\rkill.com
2018-03-26 21:01 - 2018-03-29 21:50 - 000003346 _____ C:\sysiclog.txt
2018-03-26 20:11 - 2018-03-26 20:15 - 000000000 ____D C:\Windows\system32\appmgmt
2018-03-26 20:06 - 2018-03-26 20:06 - 000000063 _____ C:\Windows\Wininit.ini
2018-03-25 17:30 - 2018-03-25 17:30 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\AVAST Software
2018-03-25 17:29 - 2018-03-25 17:29 - 000001789 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-25 17:29 - 2018-03-25 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-03-25 17:29 - 2018-03-25 17:28 - 000783608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000205344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000169536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000070576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-25 17:28 - 2018-03-25 17:28 - 000319392 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-25 16:58 - 2018-03-25 20:23 - 000000000 ____D C:\Qoobox
2018-03-25 16:58 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-25 16:58 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-25 16:58 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-25 16:57 - 2018-03-25 17:13 - 000000000 ____D C:\Windows\erdnt
2018-03-25 16:55 - 2018-03-25 16:57 - 005659794 ____R (Swearware) C:\Users\ATAcomp\Downloads\ComboFix.exe
2018-03-25 16:46 - 2018-03-25 16:46 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2018-03-18 20:02 - 2018-03-26 20:56 - 000000000 ____D C:\Users\ATAcomp\AppData\Local\ESET
2018-03-18 19:58 - 2018-03-18 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-03-16 23:41 - 2018-03-16 23:41 - 000000000 ____D C:\Program Files\Common Files\Java
2018-03-16 23:40 - 2018-03-16 23:40 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Sun
2018-03-16 23:18 - 2018-03-16 23:18 - 000000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-16 23:06 - 2016-09-09 17:15 - 001029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2018-03-16 23:06 - 2016-09-09 17:15 - 000219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2018-03-16 23:06 - 2016-09-09 17:15 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2018-03-16 23:06 - 2016-09-09 17:15 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2018-03-16 23:06 - 2016-09-09 16:34 - 001172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-03-16 23:06 - 2016-09-09 16:32 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2018-03-16 23:06 - 2016-09-09 16:23 - 000682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-03-16 23:06 - 2016-09-09 16:21 - 001073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2018-03-16 23:06 - 2016-09-09 16:21 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2018-03-16 23:05 - 2016-11-02 18:06 - 000306408 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-03-16 23:05 - 2016-11-02 17:59 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-03-16 23:03 - 2016-10-12 18:02 - 000244968 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-03-16 23:02 - 2016-10-07 17:52 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-16 22:55 - 2016-09-10 18:27 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2018-03-16 22:53 - 2016-08-03 17:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-03-16 22:53 - 2016-08-03 16:21 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-03-16 22:53 - 2016-08-03 16:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-03-16 22:53 - 2016-08-03 16:20 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-03-16 22:51 - 2016-10-08 07:31 - 001209080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-16 22:51 - 2016-10-07 17:48 - 003613416 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-03-16 22:51 - 2016-10-07 17:48 - 003561192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-16 22:51 - 2016-10-07 17:41 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-03-16 22:51 - 2016-10-07 16:21 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-03-16 22:50 - 2016-10-04 16:22 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-03-16 22:48 - 2016-10-18 00:05 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2018-03-16 22:48 - 2016-10-18 00:04 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2018-03-16 22:48 - 2016-10-18 00:04 - 000739328 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-03-16 22:48 - 2016-10-18 00:04 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2018-03-16 22:48 - 2016-10-18 00:04 - 000413696 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2018-03-16 22:48 - 2016-10-18 00:04 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2018-03-16 22:48 - 2016-09-15 02:01 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-03-16 22:46 - 2016-10-08 17:17 - 001262592 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-16 22:46 - 2016-10-08 17:17 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-03-16 22:46 - 2016-10-08 17:17 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-03-16 22:46 - 2016-10-08 17:15 - 000802816 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-03-16 22:46 - 2016-10-08 16:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-03-16 22:46 - 2016-10-08 16:18 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-03-16 22:46 - 2016-10-08 16:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-16 22:46 - 2016-10-08 16:17 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-03-16 22:46 - 2016-10-08 15:13 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-03-16 22:46 - 2016-10-07 17:52 - 000573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-03-16 22:46 - 2016-10-07 17:52 - 000089600 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2018-03-16 22:46 - 2016-10-07 17:51 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2018-03-16 22:45 - 2016-08-14 17:48 - 000627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2018-03-16 22:44 - 2016-09-15 01:53 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-03-16 22:43 - 2016-09-08 16:20 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2018-03-16 22:43 - 2016-09-08 16:20 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-03-16 22:42 - 2016-10-26 00:47 - 002073600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-03-01 21:43 - 2018-03-01 21:43 - 000001810 _____ C:\Users\ATAcomp\Desktop\PlugY, The Survival Kit.lnk
2018-03-01 21:43 - 2018-03-01 21:43 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlugY, The Survival Kit
2018-03-01 21:37 - 2018-03-01 21:37 - 000000646 _____ C:\Users\ATAcomp\Documents\installpath.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 09:27 - 2017-09-14 12:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-30 07:40 - 2009-04-13 11:21 - 001532722 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-30 07:40 - 2009-04-13 11:21 - 000645304 _____ C:\Windows\system32\perfh005.dat
2018-03-30 07:40 - 2009-04-13 11:21 - 000137942 _____ C:\Windows\system32\perfc005.dat
2018-03-30 07:40 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2018-03-30 07:37 - 2006-11-02 14:47 - 000003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-30 07:37 - 2006-11-02 14:47 - 000003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-29 21:50 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-29 16:22 - 2012-11-27 16:32 - 000002140 _____ C:\Windows\bthservsdp.dat
2018-03-29 16:22 - 2006-11-02 15:01 - 000032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-29 16:21 - 2016-10-10 18:05 - 000002048 _____ C:\Users\ATAcomp\AppData\Roaming\mouse.dat
2018-03-29 16:21 - 2016-10-10 18:05 - 000000256 _____ C:\Users\ATAcomp\AppData\Roaming\setup.dat
2018-03-28 20:09 - 2013-01-04 18:38 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\vlc
2018-03-27 04:16 - 2017-06-21 21:09 - 000000000 ____D C:\Users\ATAcomp\AppData\Local\CrashDumps
2018-03-26 20:39 - 2017-09-10 23:07 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DK Multimedia
2018-03-26 20:39 - 2013-01-07 11:20 - 000000000 ____D C:\prog
2018-03-26 20:36 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\ModemLogs
2018-03-26 20:31 - 2015-11-09 19:11 - 000000000 ____D C:\Program Files\Steam
2018-03-26 20:27 - 2012-11-27 16:06 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-03-26 20:13 - 2016-12-05 08:00 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Opera Software
2018-03-26 20:13 - 2016-12-05 08:00 - 000000000 ____D C:\Users\ATAcomp\AppData\Local\Opera Software
2018-03-26 20:13 - 2016-12-05 07:59 - 000000000 ____D C:\Program Files\Opera
2018-03-26 20:13 - 2012-11-27 16:27 - 000000909 _____ C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-26 20:11 - 2013-06-06 21:16 - 000000000 ____D C:\Program Files\Nokia
2018-03-26 20:09 - 2017-09-13 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Creator
2018-03-26 20:06 - 2018-02-14 20:37 - 000000000 ____D C:\ProgramData\ConMet
2018-03-26 20:06 - 2015-07-04 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-03-26 20:06 - 2015-07-04 22:12 - 000000000 ____D C:\Program Files\CPUID
2018-03-25 17:25 - 2013-01-04 18:36 - 000118272 _____ C:\Users\ATAcomp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-25 17:22 - 2013-01-17 07:36 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-25 17:08 - 2006-11-02 12:23 - 000000215 _____ C:\Windows\system.ini
2018-03-20 20:18 - 2013-01-04 21:21 - 000000000 ____D C:\bin
2018-03-18 21:50 - 2013-01-17 07:36 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-18 20:36 - 2014-10-11 19:42 - 000000000 ____D C:\Users\host
2018-03-18 20:36 - 2012-11-27 16:27 - 000000000 ____D C:\Users\ATAcomp
2018-03-18 20:36 - 2012-11-27 16:10 - 000000000 ____D C:\ProgramData\Lenovo
2018-03-18 20:36 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\registration
2018-03-18 20:36 - 2006-11-02 12:22 - 039583744 _____ C:\Windows\system32\config\software_previous
2018-03-18 20:36 - 2006-11-02 12:22 - 033816576 _____ C:\Windows\system32\config\system_previous
2018-03-18 20:36 - 2006-11-02 12:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-03-18 20:36 - 2006-11-02 12:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-03-18 20:24 - 2006-11-02 12:22 - 038797312 _____ C:\Windows\system32\config\components_previous
2018-03-18 20:24 - 2006-11-02 12:22 - 001572864 _____ C:\Windows\system32\config\default_previous
2018-03-18 20:21 - 2012-11-27 16:27 - 000001356 _____ C:\Users\ATAcomp\AppData\Local\d3d9caps.dat
2018-03-17 08:53 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\rescache
2018-03-16 23:41 - 2013-01-16 21:31 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-03-16 23:41 - 2013-01-16 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-03-16 23:41 - 2013-01-16 21:31 - 000000000 ____D C:\Program Files\WinRAR
2018-03-16 23:39 - 2014-10-30 20:17 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-03-16 23:39 - 2014-10-30 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-16 23:38 - 2013-08-14 22:16 - 000000000 ____D C:\Program Files\Java
2018-03-16 23:25 - 2006-11-02 14:47 - 000266768 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-16 23:21 - 2006-11-02 14:37 - 000000000 ____D C:\Program Files\Windows Journal
2018-03-16 23:18 - 2016-12-06 07:12 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-16 23:18 - 2016-12-06 07:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-16 23:18 - 2016-12-06 07:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-16 23:18 - 2013-01-08 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-16 23:18 - 2013-01-08 19:43 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2016-10-10 18:05 - 2018-03-29 16:21 - 000002048 _____ () C:\Users\ATAcomp\AppData\Roaming\mouse.dat
2014-11-01 23:28 - 2014-11-02 21:42 - 000022328 _____ () C:\Users\ATAcomp\AppData\Roaming\PnkBstrK.sys
2016-10-10 18:05 - 2018-03-29 16:21 - 000000256 _____ () C:\Users\ATAcomp\AppData\Roaming\setup.dat
2012-11-27 16:27 - 2018-03-18 20:21 - 000001356 _____ () C:\Users\ATAcomp\AppData\Local\d3d9caps.dat
2013-01-04 18:36 - 2018-03-25 17:25 - 000118272 _____ () C:\Users\ATAcomp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-07 14:16 - 2013-01-07 14:16 - 000000600 _____ () C:\Users\ATAcomp\AppData\Local\PUTTY.RND
2017-05-09 22:16 - 2017-05-09 22:16 - 000006444 _____ () C:\Users\ATAcomp\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-03-26 20:06 - 2018-02-14 20:37 - 000017920 _____ () C:\Users\ATAcomp\AppData\Local\Temp\cmunst_.exe
2018-03-26 20:34 - 2012-08-30 19:19 - 004327024 _____ (Foxit Corporation) C:\Users\ATAcomp\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 21:57

==================== End of FRST.txt ============================

Re: JS miner - CPU under heavy load

Posted: 30 Mar 2018 10:19
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (deletion).
The scan will run and then a log will appear; paste it here.

Re: JS miner - CPU under heavy load

Posted: 30 Mar 2018 21:22
by mr_tricoder
Thank you for the reply.

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 30 20:10:42 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows Vista (TM) Business (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\ATAcomp\AppData\Local\Rich Media Player
Deleted: C:\Users\ATAcomp\AppData\Roaming\Solvusoft
Deleted: C:\Users\ATAcomp\AppData\Local\Assistant


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-1969540636-3590949601-557156478-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted: [Key] - HKU\S-1-5-21-1969540636-3590949601-557156478-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileViewPro_is1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FileViewPro_is1
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKU\S-1-5-21-1969540636-3590949601-557156478-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-1969540636-3590949601-557156478-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinThruster_is1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinThruster_is1
Deleted: [Key] - HKLM\SOFTWARE\systweak


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2254 B] - [2018/3/30 20:10:11]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: JS miner - CPU under heavy load

Posted: 30 Mar 2018 21:31
by Rudy
Post a new FRST log.

Re: JS miner - CPU under heavy load

Posted: 30 Mar 2018 21:51
by mr_tricoder
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by ATAcomp (administrator) on ATACOMP-PC (30-03-2018 22:46:54)
Running from C:\Users\ATAcomp\Desktop
Loaded Profiles: ATAcomp (Available Profiles: ATAcomp & host)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Lenovo.) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Fujitsu) C:\Program Files\Fujitsu Mouse WI910 Touch\DriverAP4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-06-06] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [180224 2012-06-21] (Lenovo.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [95264 2011-11-01] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)
HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [992816 2007-02-26] (Lenovo)
HKLM\...\Run: [EZEJMNAP] => C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [62312 2010-03-26] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [Fujitsu Mouse WI910 Touch] => C:\Program Files\Fujitsu Mouse WI910 Touch\DriverSt.exe [48128 2015-12-04] ()
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [433248 2012-05-30] (Lenovo)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-25] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-11-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2012-11-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\..\Interfaces\{090AADE9-126C-4DF1-8829-C168EC68B657}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1969540636-3590949601-557156478-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-03-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-03-25] (AVAST Software)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-03-04] (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-16] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: pfqetlg4.default
FF ProfilePath: C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default [2018-03-30]
FF Extension: (Avast SafePrice) - C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default\Extensions\sp@avast.com.xpi [2018-03-30]
FF Extension: (Avast Online Security) - C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default\Extensions\wrc@avast.com.xpi [2018-03-25]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\ATAcomp\AppData\Roaming\Mozilla\Firefox\Profiles\pfqetlg4.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-03-03] [Legacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-14] [Legacy] [not signed]
FF HKU\S-1-5-21-1969540636-3590949601-557156478-1000\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension
FF Extension: (ThinkVantage Password Manager) - C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2012-11-27] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-16] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-16] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-1969540636-3590949601-557156478-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ATAcomp\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-30] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default [2018-03-30]
CHR Extension: (Disk Google) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Vyhledávání Google) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Avast Online Security) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Gmail) - C:\Users\ATAcomp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2010-02-05] () [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-03-16] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5909888 2018-03-25] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-25] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2010-02-05] () [File not signed]
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [50536 2010-07-27] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-11-02] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [99904 2016-04-29] ()
R2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-16] (Lenovo Group Limited)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2009-03-04] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-06-06] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [950272 2008-06-06] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-06-06] (Lenovo Group Limited) [File not signed]
S2 TVT_UpdateMonitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [253952 2008-05-28] (Lenovo Group Limited) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-03-25] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-25] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-25] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-25] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-25] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [169536 2018-03-25] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-03-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-03-25] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [70576 2018-03-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-03-25] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783608 2018-03-25] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-03-25] (AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [205344 2018-03-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-03-25] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-01-08] (DT Soft Ltd)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2015-01-05] (LogMeIn, Inc.)
R3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [6959616 2010-10-18] (Intel Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 PnkBstrK; C:\Windows\system32\drivers\PnkBstrK.sys [22584 2016-04-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-01-05] (Duplex Secure Ltd.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [24872 2011-11-01] (Lenovo Group Limited)
R2 tvtfilter; C:\Windows\System32\DRIVERS\tvtfilter.sys [33536 2012-11-27] (Lenovo) [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [171104 2017-07-27] (Oracle Corporation)
U3 axqoiqu1; C:\Windows\system32\Drivers\axqoiqu1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U3 agxas1uo; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 22:46 - 2018-03-30 22:48 - 000019395 _____ C:\Users\ATAcomp\Desktop\FRST.txt
2018-03-30 22:07 - 2018-03-30 22:10 - 000000000 ____D C:\AdwCleaner
2018-03-30 10:28 - 2018-03-30 10:29 - 000000064 _____ C:\Users\ATAcomp\Documents\ProductKeys.txt
2018-03-30 09:34 - 2018-03-30 22:46 - 000000000 ____D C:\FRST
2018-03-30 09:33 - 2018-03-30 09:33 - 001764352 _____ (Farbar) C:\Users\ATAcomp\Desktop\FRST.exe
2018-03-30 09:29 - 2018-03-30 09:29 - 000001886 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Users\Public\Foxit Software
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Foxit Software
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Foxit AgentInformation
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\ProgramData\Foxit Software
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2018-03-30 09:29 - 2018-03-30 09:29 - 000000000 ____D C:\Program Files\Foxit Software
2018-03-30 09:21 - 2018-03-30 09:21 - 008222496 _____ (Malwarebytes) C:\Users\ATAcomp\Desktop\adwcleaner_7.0.8.0.exe
2018-03-30 09:01 - 2018-03-30 09:01 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\ATAcomp\Desktop\WiNlOgOn.exe
2018-03-30 08:57 - 2018-03-30 08:57 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\ATAcomp\Desktop\rkill.com
2018-03-26 21:01 - 2018-03-30 22:13 - 000004302 _____ C:\sysiclog.txt
2018-03-26 20:11 - 2018-03-26 20:15 - 000000000 ____D C:\Windows\system32\appmgmt
2018-03-26 20:06 - 2018-03-26 20:06 - 000000063 _____ C:\Windows\Wininit.ini
2018-03-25 17:30 - 2018-03-25 17:30 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\AVAST Software
2018-03-25 17:29 - 2018-03-25 17:29 - 000001789 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-25 17:29 - 2018-03-25 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-03-25 17:29 - 2018-03-25 17:28 - 000783608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000205344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000169536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000070576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
2018-03-25 17:29 - 2018-03-25 17:28 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-03-25 17:28 - 2018-03-25 17:28 - 000319392 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-03-25 16:58 - 2018-03-25 20:23 - 000000000 ____D C:\Qoobox
2018-03-25 16:58 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
2018-03-25 16:58 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
2018-03-25 16:58 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
2018-03-25 16:58 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
2018-03-25 16:57 - 2018-03-25 17:13 - 000000000 ____D C:\Windows\erdnt
2018-03-25 16:55 - 2018-03-25 16:57 - 005659794 ____R (Swearware) C:\Users\ATAcomp\Downloads\ComboFix.exe
2018-03-25 16:46 - 2018-03-25 16:46 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2018-03-18 20:02 - 2018-03-26 20:56 - 000000000 ____D C:\Users\ATAcomp\AppData\Local\ESET
2018-03-18 19:58 - 2018-03-18 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2018-03-16 23:41 - 2018-03-16 23:41 - 000000000 ____D C:\Program Files\Common Files\Java
2018-03-16 23:40 - 2018-03-16 23:40 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Sun
2018-03-16 23:18 - 2018-03-16 23:18 - 000000764 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-16 23:06 - 2016-09-09 17:15 - 001029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2018-03-16 23:06 - 2016-09-09 17:15 - 000219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2018-03-16 23:06 - 2016-09-09 17:15 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2018-03-16 23:06 - 2016-09-09 17:15 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2018-03-16 23:06 - 2016-09-09 16:34 - 001172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-03-16 23:06 - 2016-09-09 16:32 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2018-03-16 23:06 - 2016-09-09 16:23 - 000682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-03-16 23:06 - 2016-09-09 16:21 - 001073152 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2018-03-16 23:06 - 2016-09-09 16:21 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2018-03-16 23:05 - 2016-11-02 18:06 - 000306408 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-03-16 23:05 - 2016-11-02 17:59 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-03-16 23:03 - 2016-10-12 18:02 - 000244968 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-03-16 23:02 - 2016-10-07 17:52 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-16 22:55 - 2016-09-10 18:27 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2018-03-16 22:53 - 2016-08-03 17:45 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-03-16 22:53 - 2016-08-03 16:21 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-03-16 22:53 - 2016-08-03 16:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-03-16 22:53 - 2016-08-03 16:20 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-03-16 22:51 - 2016-10-08 07:31 - 001209080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-16 22:51 - 2016-10-07 17:48 - 003613416 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-03-16 22:51 - 2016-10-07 17:48 - 003561192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-16 22:51 - 2016-10-07 17:41 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-03-16 22:51 - 2016-10-07 16:21 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-03-16 22:50 - 2016-10-04 16:22 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-03-16 22:48 - 2016-10-18 00:05 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2018-03-16 22:48 - 2016-10-18 00:04 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2018-03-16 22:48 - 2016-10-18 00:04 - 000739328 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-03-16 22:48 - 2016-10-18 00:04 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2018-03-16 22:48 - 2016-10-18 00:04 - 000413696 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2018-03-16 22:48 - 2016-10-18 00:04 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2018-03-16 22:48 - 2016-10-18 00:04 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2018-03-16 22:48 - 2016-09-15 02:01 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-03-16 22:46 - 2016-10-08 17:18 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-03-16 22:46 - 2016-10-08 17:17 - 001262592 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-16 22:46 - 2016-10-08 17:17 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-03-16 22:46 - 2016-10-08 17:17 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-03-16 22:46 - 2016-10-08 17:15 - 000802816 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-03-16 22:46 - 2016-10-08 16:24 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-03-16 22:46 - 2016-10-08 16:18 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-03-16 22:46 - 2016-10-08 16:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-16 22:46 - 2016-10-08 16:17 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-03-16 22:46 - 2016-10-08 15:13 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-03-16 22:46 - 2016-10-07 17:52 - 000573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-03-16 22:46 - 2016-10-07 17:52 - 000089600 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2018-03-16 22:46 - 2016-10-07 17:51 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2018-03-16 22:45 - 2016-08-14 17:48 - 000627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2018-03-16 22:44 - 2016-09-15 01:53 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-03-16 22:43 - 2016-09-08 16:20 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2018-03-16 22:43 - 2016-09-08 16:20 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-03-16 22:42 - 2016-10-26 00:47 - 002073600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-03-01 21:43 - 2018-03-01 21:43 - 000001810 _____ C:\Users\ATAcomp\Desktop\PlugY, The Survival Kit.lnk
2018-03-01 21:43 - 2018-03-01 21:43 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlugY, The Survival Kit
2018-03-01 21:37 - 2018-03-01 21:37 - 000000646 _____ C:\Users\ATAcomp\Documents\installpath.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-30 22:45 - 2018-02-22 17:54 - 000000000 ____D C:\Users\ATAcomp\AppData\LocalLow\Mozilla
2018-03-30 22:20 - 2009-04-13 11:21 - 001532722 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-30 22:20 - 2009-04-13 11:21 - 000645304 _____ C:\Windows\system32\perfh005.dat
2018-03-30 22:20 - 2009-04-13 11:21 - 000137942 _____ C:\Windows\system32\perfc005.dat
2018-03-30 22:20 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\inf
2018-03-30 22:12 - 2006-11-02 15:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-30 22:12 - 2006-11-02 14:47 - 000003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-30 22:12 - 2006-11-02 14:47 - 000003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-30 22:11 - 2012-11-27 16:32 - 000002140 _____ C:\Windows\bthservsdp.dat
2018-03-30 22:11 - 2006-11-02 15:01 - 000032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-03-30 21:49 - 2017-09-14 12:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-30 21:49 - 2015-05-05 07:44 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-30 10:29 - 2016-10-10 18:05 - 000002048 _____ C:\Users\ATAcomp\AppData\Roaming\mouse.dat
2018-03-30 10:29 - 2016-10-10 18:05 - 000000256 _____ C:\Users\ATAcomp\AppData\Roaming\setup.dat
2018-03-28 20:09 - 2013-01-04 18:38 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\vlc
2018-03-27 04:16 - 2017-06-21 21:09 - 000000000 ____D C:\Users\ATAcomp\AppData\Local\CrashDumps
2018-03-26 20:39 - 2017-09-10 23:07 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DK Multimedia
2018-03-26 20:39 - 2013-01-07 11:20 - 000000000 ____D C:\prog
2018-03-26 20:36 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\ModemLogs
2018-03-26 20:31 - 2015-11-09 19:11 - 000000000 ____D C:\Program Files\Steam
2018-03-26 20:27 - 2012-11-27 16:06 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2018-03-26 20:13 - 2016-12-05 08:00 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Opera Software
2018-03-26 20:13 - 2016-12-05 08:00 - 000000000 ____D C:\Users\ATAcomp\AppData\Local\Opera Software
2018-03-26 20:13 - 2012-11-27 16:27 - 000000909 _____ C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-26 20:11 - 2013-06-06 21:16 - 000000000 ____D C:\Program Files\Nokia
2018-03-26 20:09 - 2017-09-13 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Creator
2018-03-26 20:06 - 2018-02-14 20:37 - 000000000 ____D C:\ProgramData\ConMet
2018-03-26 20:06 - 2015-07-04 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-03-26 20:06 - 2015-07-04 22:12 - 000000000 ____D C:\Program Files\CPUID
2018-03-25 17:25 - 2013-01-04 18:36 - 000118272 _____ C:\Users\ATAcomp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-25 17:22 - 2013-01-17 07:36 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-25 17:08 - 2006-11-02 12:23 - 000000215 _____ C:\Windows\system.ini
2018-03-20 20:18 - 2013-01-04 21:21 - 000000000 ____D C:\bin
2018-03-18 21:50 - 2013-01-17 07:36 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-18 20:36 - 2014-10-11 19:42 - 000000000 ____D C:\Users\host
2018-03-18 20:36 - 2012-11-27 16:27 - 000000000 ____D C:\Users\ATAcomp
2018-03-18 20:36 - 2012-11-27 16:10 - 000000000 ____D C:\ProgramData\Lenovo
2018-03-18 20:36 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\registration
2018-03-18 20:36 - 2006-11-02 12:22 - 039583744 _____ C:\Windows\system32\config\software_previous
2018-03-18 20:36 - 2006-11-02 12:22 - 033816576 _____ C:\Windows\system32\config\system_previous
2018-03-18 20:36 - 2006-11-02 12:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2018-03-18 20:36 - 2006-11-02 12:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2018-03-18 20:24 - 2006-11-02 12:22 - 038797312 _____ C:\Windows\system32\config\components_previous
2018-03-18 20:24 - 2006-11-02 12:22 - 001572864 _____ C:\Windows\system32\config\default_previous
2018-03-18 20:21 - 2012-11-27 16:27 - 000001356 _____ C:\Users\ATAcomp\AppData\Local\d3d9caps.dat
2018-03-17 08:53 - 2006-11-02 13:18 - 000000000 ____D C:\Windows\rescache
2018-03-16 23:41 - 2013-01-16 21:31 - 000000000 ____D C:\Users\ATAcomp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-03-16 23:41 - 2013-01-16 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-03-16 23:41 - 2013-01-16 21:31 - 000000000 ____D C:\Program Files\WinRAR
2018-03-16 23:39 - 2014-10-30 20:17 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-03-16 23:39 - 2014-10-30 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-16 23:38 - 2013-08-14 22:16 - 000000000 ____D C:\Program Files\Java
2018-03-16 23:25 - 2006-11-02 14:47 - 000266768 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-16 23:21 - 2006-11-02 14:37 - 000000000 ____D C:\Program Files\Windows Journal
2018-03-16 23:18 - 2016-12-06 07:12 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-16 23:18 - 2016-12-06 07:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-16 23:18 - 2016-12-06 07:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-16 23:18 - 2013-01-08 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-16 23:18 - 2013-01-08 19:43 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2016-10-10 18:05 - 2018-03-30 10:29 - 000002048 _____ () C:\Users\ATAcomp\AppData\Roaming\mouse.dat
2014-11-01 23:28 - 2014-11-02 21:42 - 000022328 _____ () C:\Users\ATAcomp\AppData\Roaming\PnkBstrK.sys
2016-10-10 18:05 - 2018-03-30 10:29 - 000000256 _____ () C:\Users\ATAcomp\AppData\Roaming\setup.dat
2012-11-27 16:27 - 2018-03-18 20:21 - 000001356 _____ () C:\Users\ATAcomp\AppData\Local\d3d9caps.dat
2013-01-04 18:36 - 2018-03-25 17:25 - 000118272 _____ () C:\Users\ATAcomp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-07 14:16 - 2013-01-07 14:16 - 000000600 _____ () C:\Users\ATAcomp\AppData\Local\PUTTY.RND
2017-05-09 22:16 - 2017-05-09 22:16 - 000006444 _____ () C:\Users\ATAcomp\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2018-03-26 20:06 - 2018-02-14 20:37 - 000017920 _____ () C:\Users\ATAcomp\AppData\Local\Temp\cmunst_.exe
2018-03-26 20:34 - 2012-08-30 19:19 - 004327024 _____ (Foxit Corporation) C:\Users\ATAcomp\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-30 22:19

==================== End of FRST.txt ============================

Re: JS miner - high CPU load

Posted: 31 Mar 2018 09:19
by mr_tricoder
Attaching it.

Re: JS miner - high CPU load

Posted: 31 Mar 2018 11:38
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
U3 axqoiqu1; C:\Windows\system32\Drivers\axqoiqu1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 agxas1uo; no ImagePath
C:\Users\ATAcomp\AppData\Local\Temp
Task: {7BF02BB0-2866-4B90-8124-C153A3AE44E2} - System32\Tasks\{17DD8700-FBA9-4669-8A79-7EAC046F940C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe" -c /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}
Task: {A89CBAB0-EBD4-45DE-81CD-B9A807BD028B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C105AE8F-65B1-4D38-8799-FEE13145076E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EEE6849A-4E6B-47CF-89F7-22F06B2261B3} - System32\Tasks\{13754263-EED2-42BA-B528-15C8135A6E0F} => C:\Windows\system32\pcalua.exe -a D:\Directx\dxsetup.exe
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [404]
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.
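The fixlist above targets three kinds of finding that FRST flagged: a service entry with no ImagePath, a driver entry whose image file is zero bytes, and an alternate data stream attached to a folder. The script below is an added example, not part of the original thread and not FRST's own code; it is a read-only check that reports the same classes of finding on a machine so they can be reviewed before anything is removed. The folder C:\ProgramData\TEMP is taken from the fixlist; the function name Resolve-ImagePath, the output columns, and the assumption that PowerShell 3.0 or later is available (for the -Stream parameter) are this example's own.

```powershell
# Added example (not from the forum thread, not FRST's own code).
# Read-only triage for the classes of finding the fixlist above removes:
#   1. services/drivers whose ImagePath is missing or empty ("no ImagePath")
#   2. services/drivers whose image file is missing or zero bytes
#   3. alternate data streams attached to a folder (default: C:\ProgramData\TEMP)
# Assumes PowerShell 3.0+ (Get-Item -Stream). Run from an elevated prompt.

param(
    # Folder to inspect for alternate data streams; path taken from the fixlist above.
    [string]$AdsTarget = 'C:\ProgramData\TEMP'
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Normalise the raw ImagePath value into a plain file path: expand %SystemRoot%
# style variables, strip the \SystemRoot\ and \??\ prefixes kernel drivers use,
# remove quotes, and drop any arguments after the executable.
function Resolve-ImagePath([string]$raw) {
    $p = [Environment]::ExpandEnvironmentVariables(($raw -replace '"', ''))
    if     ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -match '^\\\?\?\\(.*)$')       { $p = $Matches[1] }
    elseif ($p -match '^system32\\')          { $p = Join-Path $env:SystemRoot $p }
    if ($p -match '^(.+?\.(exe|sys|dll))(\s.*)?$') { $p = $Matches[1] }
    return $p
}

$findings = @()
foreach ($svc in Get-ChildItem $servicesKey) {
    $props = Get-ItemProperty -Path $svc.PSPath
    # Only real services and drivers carry a Type value; skip configuration-only keys.
    if ($null -eq $props.Type) { continue }
    $name = $svc.PSChildName
    if ([string]::IsNullOrWhiteSpace($props.ImagePath)) {
        $findings += [pscustomobject]@{ Service = $name; Issue = 'no ImagePath'; Path = '' }
        continue
    }
    $path = Resolve-ImagePath $props.ImagePath
    if (-not (Test-Path -LiteralPath $path)) {
        $findings += [pscustomobject]@{ Service = $name; Issue = 'image file missing'; Path = $path }
    } elseif ((Get-Item -LiteralPath $path).Length -eq 0) {
        $findings += [pscustomobject]@{ Service = $name; Issue = 'zero-byte image'; Path = $path }
    }
}

# Alternate data streams other than the default :$DATA stream on the target folder.
if (Test-Path -LiteralPath $AdsTarget) {
    Get-Item -LiteralPath $AdsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Service = ''
                Issue   = "ADS $($_.Stream) ($($_.Length) B)"
                Path    = $AdsTarget
            }
        }
}

# Nothing is changed on the system; the table is for a human to review.
$findings | Format-Table -AutoSize
```

A missing image file is reported separately from a zero-byte one because the two have different explanations: a dangling entry is often left behind by an uninstaller, whereas a zero-byte driver file that still has a service entry, as in the FRST output above, deserves a closer look. The script changes nothing; removal is left to a tool such as FRST with a reviewed fixlist.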

Re: JS miner - high CPU load

Posted: 31 Mar 2018 22:49
by mr_tricoder
Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by ATAcomp (31-03-2018 18:25:24) Run:1
Running from C:\Users\ATAcomp\Desktop
Loaded Profiles: ATAcomp (Available Profiles: ATAcomp & host)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
U3 axqoiqu1; C:\Windows\system32\Drivers\axqoiqu1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U3 agxas1uo; no ImagePath
C:\Users\ATAcomp\AppData\Local\Temp
Task: {7BF02BB0-2866-4B90-8124-C153A3AE44E2} - System32\Tasks\{17DD8700-FBA9-4669-8A79-7EAC046F940C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe" -c /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}
Task: {A89CBAB0-EBD4-45DE-81CD-B9A807BD028B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C105AE8F-65B1-4D38-8799-FEE13145076E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EEE6849A-4E6B-47CF-89F7-22F06B2261B3} - System32\Tasks\{13754263-EED2-42BA-B528-15C8135A6E0F} => C:\Windows\system32\pcalua.exe -a D:\Directx\dxsetup.exe
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [404]
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
axqoiqu1 => service not found.
agxas1uo => service not found.

"C:\Users\ATAcomp\AppData\Local\Temp" folder move:

Could not move "C:\Users\ATAcomp\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BF02BB0-2866-4B90-8124-C153A3AE44E2}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BF02BB0-2866-4B90-8124-C153A3AE44E2}" => removed successfully.
C:\Windows\System32\Tasks\{17DD8700-FBA9-4669-8A79-7EAC046F940C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{17DD8700-FBA9-4669-8A79-7EAC046F940C}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A89CBAB0-EBD4-45DE-81CD-B9A807BD028B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A89CBAB0-EBD4-45DE-81CD-B9A807BD028B}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C105AE8F-65B1-4D38-8799-FEE13145076E}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C105AE8F-65B1-4D38-8799-FEE13145076E}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEE6849A-4E6B-47CF-89F7-22F06B2261B3}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE6849A-4E6B-47CF-89F7-22F06B2261B3}" => removed successfully.
C:\Windows\System32\Tasks\{13754263-EED2-42BA-B528-15C8135A6E0F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13754263-EED2-42BA-B528-15C8135A6E0F}" => removed successfully.
C:\ProgramData\TEMP => ":8927A071" ADS removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14544423 B
Java, Flash, Steam htmlcache => 212606052 B
Windows/system/drivers => 55277003 B
Edge => 0 B
Chrome => 696110806 B
Firefox => 244085832 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 46833354 B
LocalService => 49632 B
NetworkService => 0 B
ATAcomp => 33054003 B
host => 182592 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-03-2018 18:37:09)

C:\Users\ATAcomp\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:39:24 ====

Re: JS miner - high CPU load

Posted: 01 Apr 2018 10:39
by Rudy
Deleted. Has anything changed?

Re: JS miner - high CPU load

Posted: 01 Apr 2018 13:33
by mr_tricoder
System responsiveness has improved a little, thank you.

The CPU load is caused by schvost.exe, steadily at 50%.

The zip contains a screenshot of Resource Monitor.

Re: JS miner - high CPU load

Posted: 01 Apr 2018 14:01
by Rudy
As a test, turn off automatic updates, or alternatively reinstall Avast.

Re: JS miner - high CPU load

Posted: 01 Apr 2018 19:44
by mr_tricoder
Thank you for the help. The updates did the trick; when idle the load is down to 3%.

Re: JS miner - high CPU load

Posted: 01 Apr 2018 20:17
by Rudy
Leave updates turned off until the next regular ones (2nd Wednesday in April). Then turn them on; the update problem is usually resolved by the new ones. Otherwise, get back to me.

Re: JS miner - high CPU load

Posted: 02 Apr 2018 06:39
by mr_tricoder
Thank you for the help.

Re: JS miner - high CPU load

Posted: 02 Apr 2018 10:24
by Rudy
You're welcome! :)