FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2019
Ran by Petr (administrator) on PETR-PC (Acer Aspire 5100 ) (17-08-2019 18:45:44)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr & DefaultAppPool (Available Profiles: Petr & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sony Mobile Communications AB -> Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Sony Mobile Communications AB -> Sony) C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ctfmon] => c:\Windows\System32\CTFMON.EXE [8704 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\Run: [] => [X]
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] () [File not signed]
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1804648 2011-06-08] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\Run: [XperiaCompanionAgent] => C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe [2136416 2018-11-20] (Sony Mobile Communications AB -> Sony)
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\MountPoints2: {46a86ffc-026b-11e8-a349-000a3a83ac6a} - G:\autorun.exe
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\MountPoints2: {9a1d9e3a-bb2f-11e9-8838-000a3a83ac6a} - G:\autorun.exe
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\MountPoints2: {a2d5e627-0102-11e9-b265-000a3a83ac6a} - G:\autorun.exe
HKU\S-1-5-21-1144671694-925945238-655758262-1000\...\MountPoints2: {df439764-fb7e-11e8-a4a3-000a3a83ac6a} - G:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [ccc-core-static] -> msiexec /fums {35BDA760-4905-19AA-54A0-C118ABB5BF0C} /qb
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2012-10-17] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll [2012-10-17] (Broadcom Corporation -> Broadcom Corporation.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2018-02-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk [2017-12-26]
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) [File not signed]
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk [2019-08-13]
ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe (Microsoft Corporation -> )
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CD84007-4C20-4DAA-9466-ED6C468C1541} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-12-27] (Google Inc -> Google Inc.)
Task: {1D6FAE52-6C1E-443B-85F9-FBA1C0B7FE0B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-16] (Adobe Inc. -> Adobe)
Task: {4BEE4EA6-B9E0-4C40-9D69-C27A60ECBED5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {5CBC67D2-D0EE-416D-ACB0-FFF7EF4EAED3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-16] (Adobe Inc. -> Adobe)
Task: {99B6062F-24C7-462B-AF4E-D2DE5D8AA297} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-12-27] (Google Inc -> Google Inc.)
Task: {B5CFEA42-7DD4-4466-ADA1-8892807CC531} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {EC93609A-F188-4D08-8A70-92BBB1BF7187} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {FA194DFF-ED22-469D-BF93-002407A2D1D0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {FBC9C573-5B5A-4AF0-A79C-2FD9DAA1D287} - System32\Tasks\{62E42F89-8CF2-4CCF-89B6-DA8503AD75D2} => D:\UNISIM\Unisim.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AdwCleaner_onReboot.job => C:\Users\Petr\Downloads\adwcleaner_7.4(2).exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{77C611BC-68C1-4A00-906B-33F4B1C73CEB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B05C8B7D-C522-4AB6-BA52-8119976C8021}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1144671694-925945238-655758262-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-1144671694-925945238-655758262-1000 -> DefaultScope {883B5E37-C3AF-427D-9709-41F463B7E917} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
SearchScopes: HKU\S-1-5-21-1144671694-925945238-655758262-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1144671694-925945238-655758262-1000 -> {883B5E37-C3AF-427D-9709-41F463B7E917} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 0vf9bltc.default
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0vf9bltc.default [2019-08-17]
FF Homepage: Mozilla\Firefox\Profiles\0vf9bltc.default -> hxxps://www.google.com/
FF Extension: (ETP Search Volume Study) - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0vf9bltc.default\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-07-07]
FF Extension: (AdBlocker) - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0vf9bltc.default\Extensions\{ea167886-23c6-4115-9b7c-a33d9ed18b21}.xpi [2019-08-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-16] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2019-08-13]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-07-24] (Adobe Inc. -> Adobe Systems)
R2 Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [557056 2017-12-26] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9002288 2019-08-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-08-19] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5394136 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [411440 2019-08-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [386560 2006-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [1427808 2018-11-20] (Sony Mobile Communications AB -> Sony)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1096704 2009-07-14] (Microsoft Windows -> Atheros Communications, Inc.)
R3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [507704 2012-07-03] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [152400 2012-05-01] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [175144 2012-03-06] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [33832 2011-09-17] (Broadcom Corporation -> Broadcom Corporation.)
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18728 2012-03-06] (Broadcom Corporation -> Broadcom Corporation.)
R3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [806320 2006-10-30] (Bison Electronics Inc. -> Bison Electronics. Inc. )
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2017-12-26] (Microsoft Windows Hardware Compatibility Publisher -> ENE Technology Inc.)
R3 EnigmaFileMonDriver; C:\Windows\System32\drivers\EnigmaFileMonDriver.sys [60232 2019-08-17] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2017-12-26] (Microsoft Windows Hardware Compatibility Publisher -> ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2017-12-26] (Microsoft Windows Hardware Compatibility Publisher -> ENE Technology Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [105200 2017-09-19] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [986624 2006-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R3 HSXHWAZL; C:\Windows\System32\DRIVERS\HSXHWAZL.sys [206848 2006-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [190624 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [64296 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [241760 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [86768 2019-08-17] (Malwarebytes Corporation -> Malwarebytes)
R2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
R3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [2313216 2017-12-26] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [43008 2009-07-14] (Microsoft Windows -> Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-14] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-14] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-14] (Microsoft Windows -> Conexant Systems, Inc.)
R3 winachsf; C:\Windows\System32\DRIVERS\HSX_CNXT.sys [659968 2006-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R2 XAudio; C:\Windows\System32\DRIVERS\xaudio.sys [8192 2006-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-17 18:45 - 2019-08-17 18:46 - 000018998 _____ C:\Users\Petr\Desktop\FRST.txt
2019-08-17 18:39 - 2019-08-17 18:40 - 000000000 ____D C:\FRST
2019-08-17 18:38 - 2019-08-17 18:38 - 001448960 _____ (Farbar) C:\Users\Petr\Desktop\FRST.exe
2019-08-17 14:27 - 2019-08-17 16:56 - 000064296 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-08-17 14:27 - 2019-08-17 14:27 - 000190624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-08-17 14:27 - 2019-08-17 14:27 - 000086768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-08-17 14:25 - 2019-08-17 16:55 - 000241760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-08-17 14:22 - 2019-08-17 14:22 - 007623880 _____ (Malwarebytes) C:\Users\Petr\Downloads\adwcleaner_7.4(2).exe
2019-08-17 08:27 - 2019-08-17 16:54 - 000060232 _____ (EnigmaSoft Limited) C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
2019-08-17 08:27 - 2019-08-17 08:27 - 000001198 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2019-08-17 08:27 - 2019-08-17 08:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-08-17 08:27 - 2019-08-17 08:27 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-08-17 08:26 - 2019-08-17 08:27 - 000000000 ____D C:\sh5ldr
2019-08-17 08:25 - 2019-08-17 08:25 - 000000000 ____D C:\Program Files\EnigmaSoft
2019-08-17 08:23 - 2019-08-17 08:24 - 006822192 _____ (EnigmaSoft Limited) C:\Users\Petr\Downloads\sh-remover.exe
2019-08-17 08:04 - 2019-08-17 08:04 - 011016960 _____ (Bitdefender LLC) C:\Users\Petr\Downloads\BDBartDecryptor.exe
2019-08-16 12:40 - 2019-07-30 04:16 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-08-16 12:40 - 2019-07-30 03:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-08-16 12:40 - 2019-07-19 05:34 - 002406912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-08-16 12:40 - 2019-07-13 10:34 - 000180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2019-08-16 12:40 - 2019-07-13 10:34 - 000162816 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2019-08-16 12:40 - 2019-07-13 10:34 - 000039936 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
2019-08-16 12:39 - 2019-08-05 23:55 - 000348800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-08-16 12:39 - 2019-08-04 03:21 - 020291584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-08-16 12:39 - 2019-08-04 03:15 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-08-16 12:39 - 2019-08-04 03:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-08-16 12:39 - 2019-08-04 03:04 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-08-16 12:39 - 2019-08-04 03:03 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-08-16 12:39 - 2019-08-04 03:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-08-16 12:39 - 2019-08-04 03:03 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-08-16 12:39 - 2019-08-04 03:02 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-08-16 12:39 - 2019-08-04 03:00 - 002301952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-08-16 12:39 - 2019-08-04 02:57 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-08-16 12:39 - 2019-08-04 02:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-08-16 12:39 - 2019-08-04 02:55 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-08-16 12:39 - 2019-08-04 02:54 - 000663040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-08-16 12:39 - 2019-08-04 02:54 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-08-16 12:39 - 2019-08-04 02:54 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-08-16 12:39 - 2019-08-04 02:53 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-08-16 12:39 - 2019-08-04 02:48 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-08-16 12:39 - 2019-08-04 02:45 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-08-16 12:39 - 2019-08-04 02:41 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-08-16 12:39 - 2019-08-04 02:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-08-16 12:39 - 2019-08-04 02:40 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-08-16 12:39 - 2019-08-04 02:38 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-08-16 12:39 - 2019-08-04 02:37 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-08-16 12:39 - 2019-08-04 02:36 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-08-16 12:39 - 2019-08-04 02:35 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-08-16 12:39 - 2019-08-04 02:32 - 004494848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-08-16 12:39 - 2019-08-04 02:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-08-16 12:39 - 2019-08-04 02:28 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-08-16 12:39 - 2019-08-04 02:28 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-08-16 12:39 - 2019-08-04 02:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-08-16 12:39 - 2019-08-04 02:27 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-08-16 12:39 - 2019-08-04 02:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-08-16 12:39 - 2019-08-04 02:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-08-16 12:39 - 2019-08-04 02:06 - 001331200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-08-16 12:39 - 2019-08-04 02:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-08-16 12:39 - 2019-07-30 04:19 - 004058848 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-08-16 12:39 - 2019-07-30 04:19 - 003965664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-08-16 12:39 - 2019-07-30 04:19 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-08-16 12:39 - 2019-07-30 04:19 - 000191200 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-08-16 12:39 - 2019-07-30 04:19 - 000137952 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-08-16 12:39 - 2019-07-30 04:19 - 000137440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-08-16 12:39 - 2019-07-30 04:19 - 000068832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-08-16 12:39 - 2019-07-30 04:17 - 001315904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-08-16 12:39 - 2019-07-30 04:16 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 04:15 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 03:56 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-08-16 12:39 - 2019-07-30 03:56 - 000219648 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2019-08-16 12:39 - 2019-07-30 03:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2019-08-16 12:39 - 2019-07-30 03:56 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2019-08-16 12:39 - 2019-07-30 03:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-08-16 12:39 - 2019-07-30 03:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-08-16 12:39 - 2019-07-30 03:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-08-16 12:39 - 2019-07-30 03:53 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-08-16 12:39 - 2019-07-30 03:53 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-08-16 12:39 - 2019-07-30 03:53 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-08-16 12:39 - 2019-07-30 03:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-08-16 12:39 - 2019-07-30 03:51 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-08-16 12:39 - 2019-07-30 03:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-08-16 12:39 - 2019-07-30 03:48 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-08-16 12:39 - 2019-07-30 03:48 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-08-16 12:39 - 2019-07-30 03:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-08-16 12:39 - 2019-07-30 03:48 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-08-16 12:39 - 2019-07-30 03:48 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-08-16 12:39 - 2019-07-30 03:48 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-08-16 12:39 - 2019-07-30 03:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-08-16 12:39 - 2019-07-30 03:47 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-08-16 12:39 - 2019-07-30 03:47 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-08-16 12:39 - 2019-07-30 03:47 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-08-16 12:39 - 2019-07-30 03:47 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-08-16 12:39 - 2019-07-30 03:47 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-08-16 12:39 - 2019-07-30 03:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-08-16 12:39 - 2019-07-30 03:47 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-08-16 12:39 - 2019-07-30 03:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-08-16 12:39 - 2019-07-30 03:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-08-16 12:39 - 2019-07-30 03:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 03:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 03:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-08-16 12:39 - 2019-07-30 03:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-08-16 12:39 - 2019-07-24 04:34 - 002752000 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-08-16 12:39 - 2019-07-13 10:38 - 000242400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-08-16 12:39 - 2019-07-13 10:37 - 001312992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-08-16 12:39 - 2019-07-13 10:37 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-08-16 12:39 - 2019-07-13 10:37 - 000189152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-08-16 12:39 - 2019-07-13 10:34 - 001391616 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-08-16 12:39 - 2019-07-13 10:34 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-08-16 12:39 - 2019-07-13 10:34 - 000335360 _____ (Microsoft Corporation) C:\Windows\system32\P2PGraph.dll
2019-08-16 12:39 - 2019-07-13 10:34 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2019-08-16 12:39 - 2019-07-13 10:34 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2019-08-16 12:39 - 2019-07-13 10:34 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-08-16 12:39 - 2019-07-13 10:34 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-08-16 12:39 - 2019-07-13 10:34 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000256512 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Groupinghc.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2019-08-16 12:39 - 2019-07-13 10:33 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-08-16 12:39 - 2019-07-13 10:22 - 000353280 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2019-08-16 12:39 - 2019-07-13 10:22 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2019-08-16 12:39 - 2019-07-13 10:22 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2019-08-16 12:39 - 2019-07-13 10:15 - 006135808 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-08-16 12:39 - 2019-07-13 10:13 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcmonitor.dll
2019-08-16 12:39 - 2019-07-13 10:07 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-08-16 12:39 - 2019-07-04 03:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-08-13 16:23 - 2019-08-17 14:23 - 000000288 _____ C:\Windows\Tasks\AdwCleaner_onReboot.job
2019-08-13 16:22 - 2019-08-13 16:22 - 007623880 _____ (Malwarebytes) C:\Users\Petr\Downloads\adwcleaner_7.4(1).exe
2019-08-13 15:47 - 2019-08-17 14:13 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-08-13 15:46 - 2019-08-13 15:46 - 000002055 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-13 15:46 - 2019-08-13 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-13 15:46 - 2019-01-08 16:32 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-08-13 15:25 - 2019-08-13 15:25 - 007623880 _____ (Malwarebytes) C:\Users\Petr\Downloads\adwcleaner_7.4.exe
2019-08-13 14:02 - 2019-08-13 14:02 - 000109208 _____ C:\Users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2019-08-09 10:28 - 2019-08-09 10:28 - 003170546 _____ C:\Users\Petr\Documents\Scan0002.pdf
2019-08-08 15:59 - 2019-08-08 15:59 - 000000000 ____D C:\Users\Petr\AppData\Local\Apps\2.0
2019-08-07 17:51 - 2019-08-07 17:51 - 000020955 _____ C:\Users\Petr\Documents\Rámcový jídelníček- Bohunka.xlsx
2019-08-01 15:02 - 2019-08-01 15:02 - 000021270 _____ C:\Users\Petr\Documents\Kopie - Rámcový jídelníček- Bohunka.xlsx
2019-07-24 18:31 - 2019-07-13 10:19 - 000288768 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-17 18:20 - 2017-12-26 11:21 - 000000000 ____D C:\Windows\system32\Macromed
2019-08-17 17:02 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-17 17:02 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-17 16:57 - 2017-12-26 10:56 - 000000000 ____D C:\Users\Petr\AppData\LocalLow\Mozilla
2019-08-17 16:53 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-17 14:45 - 2017-12-26 13:13 - 000000000 ____D C:\Program Files\VideoLAN
2019-08-17 14:24 - 2017-12-29 15:34 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-08-17 14:13 - 2019-04-04 11:52 - 001258624 _____ C:\Windows\ntbtlog.txt
2019-08-17 12:43 - 2019-07-15 15:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-17 12:43 - 2017-12-26 10:56 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-08-16 17:33 - 2017-12-30 14:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-16 17:26 - 2017-12-22 23:54 - 001713488 _____ C:\Windows\system32\PerfStringBackup.INI
2019-08-16 17:26 - 2009-07-14 10:44 - 000717054 _____ C:\Windows\system32\perfh005.dat
2019-08-16 17:26 - 2009-07-14 10:44 - 000159986 _____ C:\Windows\system32\perfc005.dat
2019-08-16 17:26 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-08-16 17:15 - 2009-07-14 06:33 - 000411216 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-16 17:10 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-08-16 13:22 - 2017-12-26 11:21 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-08-16 13:22 - 2017-12-26 11:21 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-08-16 12:30 - 2017-12-26 11:57 - 000000000 ____D C:\Windows\system32\MRT
2019-08-16 12:20 - 2017-12-26 11:56 - 131096328 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-08-13 15:26 - 2018-08-10 12:36 - 000000000 ____D C:\Users\Petr\AppData\Roaming\IObit
2019-08-13 15:26 - 2018-08-10 12:35 - 000000000 ____D C:\ProgramData\IObit
2019-08-13 15:24 - 2018-12-28 12:50 - 000000000 ____D C:\totalcmd
2019-08-13 14:53 - 2017-12-29 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-08-13 10:29 - 2018-12-28 12:50 - 000000000 ____D C:\Users\Petr\AppData\Roaming\GHISLER
2019-08-13 10:29 - 2017-12-26 15:09 - 000000000 ____D C:\Users\Petr\AppData\Roaming\HpUpdate
2019-08-13 10:27 - 2018-02-08 13:50 - 000000000 ____D C:\Users\Petr\AppData\LocalLow\Adblock Plus for IE
2019-08-13 10:25 - 2018-12-28 13:10 - 050497198 _____ C:\Users\Petr\AppData\Local\pcc.exe.coharos
2019-08-13 10:25 - 2018-04-04 15:25 - 000007941 _____ C:\Users\Petr\AppData\Local\Resmon.ResmonCfg.coharos
2019-08-13 10:25 - 2017-12-26 10:15 - 000000000 ____D C:\Users\Petr\AppData\Local\Microsoft Help
2019-08-13 08:46 - 2017-12-26 15:10 - 000000000 ____D C:\ProgramData\HP Photo Creations
2019-08-13 08:46 - 2017-12-26 09:36 - 000000000 ____D C:\temp
2019-08-13 08:45 - 2018-03-02 14:57 - 000000000 __SHD C:\ProgramData\DIBsection
2019-08-13 08:42 - 2018-01-06 19:02 - 000000000 ____D C:\AdwCleaner
2019-08-13 08:34 - 2018-03-02 14:57 - 000000000 ____D C:\Users\Petr\AppData\Local\MetaGeek,_LLC
2019-08-13 08:33 - 2019-07-05 12:39 - 002028960 ____H C:\Users\Petr\AppData\Local\IconCache.db.coharos
2019-08-13 08:33 - 2018-11-07 18:29 - 000000000 ____D C:\Users\Petr\AppData\Local\inSSIDer
2019-08-13 08:33 - 2018-01-15 15:29 - 000000000 ____D C:\Users\Petr\AppData\Local\IIIQF
2019-08-13 08:33 - 2017-12-26 09:14 - 000109542 _____ C:\Users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT.coharos
2019-08-13 08:33 - 2017-12-26 08:51 - 000042206 _____ C:\Users\Petr\AppData\Local\HWVendorDetection.log.coharos
2019-08-08 15:51 - 2009-07-14 06:53 - 000032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-08-08 11:14 - 2017-12-27 18:47 - 000002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-07 15:54 - 2019-06-16 14:06 - 000000000 ____D C:\Users\Petr\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories ================
2017-12-26 08:51 - 2019-08-13 08:33 - 000042206 _____ () C:\Users\Petr\AppData\Local\HWVendorDetection.log.coharos
2018-12-28 13:10 - 2019-08-13 10:25 - 050497198 _____ () C:\Users\Petr\AppData\Local\pcc.exe.coharos
2018-04-04 15:25 - 2019-08-13 10:25 - 000007941 _____ () C:\Users\Petr\AppData\Local\Resmon.ResmonCfg.coharos
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2018-06-17 10:49
==================== End of FRST.txt ============================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-08-2019
Ran by Petr (17-08-2019 18:47:44)
Running from C:\Users\Petr\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2017-12-22 21:57:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1144671694-925945238-655758262-500 - Administrator - Disabled)
Guest (S-1-5-21-1144671694-925945238-655758262-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1144671694-925945238-655758262-1004 - Limited - Enabled)
Petr (S-1-5-21-1144671694-925945238-655758262-1000 - Administrator - Enabled) => C:\Users\Petr
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3010 - Acer Incorporated)
Acer OrbiCam (HKLM\...\{4A57592C-FF92-4083-97A9-92783BD5AFB4}) (Version: - )
Adblock Plus pro IE (32-bit) (HKLM\...\{829B7328-74A3-4DF1-BCD2-C8415A36B486}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.012.20036 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.238 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Atheros for Acer MyAllm Driver v7.1.0.90 Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{C0C3E596-F6ED-79FF-C1E2-920ED673B5F3}) (Version: 3.0.604.0 - ATI Technologies, Inc.)
Branding (HKLM\...\{630CC87A-57A3-45DC-A5A4-08CE98E0BCB7}) (Version: 1.00.0000 - Your Company Name) Hidden
Broadcom Driver Installation Program (HKLM\...\{88410D8F-8529-492B-B556-2394A29B811B}) (Version: 5.0 - Broadcom)
ccc-core-static (HKLM\...\{35BDA760-4905-19AA-54A0-C118ABB5BF0C}) (Version: 0108.2146.2565.38893 - Název společnosti:) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HP Deskjet 3050A J611 series Nápověda (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
inSSIDer (HKLM\...\{F06AB18D-6F98-48E8-9441-E3290244143D}) (Version: 2.1.4 - MetaGeek)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x86 cs) (HKLM\...\Mozilla Firefox 68.0.2 (x86 cs)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2.7164 - Mozilla)
Služba Xperia Companion (HKLM\...\{AEEFEB49-3F89-4B0E-9031-56563B8F7D4E}) (Version: 2.3.7.0 - Sony) Hidden
SMSC Fast Infrared Driver (HKLM\...\{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}) (Version: 1.00.0000 - SMSC)
SpyHunter 5 (HKLM\...\SpyHunter5) (Version: 5.6.1.119 - EnigmaSoft Limited)
Studie zlepšení produktu HP Deskjet 3050A J611 series (HKLM\...\{507E61B9-AF70-4900-A0BC-ED534DE2B2B8}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.3.0 - Synaptics)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 9.21a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3400 - Broadcom)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Xperia Companion (HKLM\...\{128ab02b-3b93-4490-8304-8b16d7d1564f}) (Version: 2.3.7.0 - Sony)
Xperia Companion (HKLM\...\{8F6C5405-9677-4516-BCB0-775128C31874}) (Version: 2.3.7.0 - Sony) Hidden
Základní software zařízení HP Deskjet 3050A J611 series (HKLM\...\{0188AB09-99C9-4396-B565-7EEE0DE76488}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2006-12-19] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-03-04 14:15 - 2018-03-04 14:15 - 000015360 _____ () [File not signed] C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3010.0__672b450de5a7e94a\Framework.Host.dll
2018-03-04 14:15 - 2018-03-04 14:15 - 000061440 _____ () [File not signed] C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3010.0__3036420f80dd6947\Framework.Library.dll
2018-03-04 14:15 - 2018-03-04 14:15 - 000032768 _____ () [File not signed] C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3010.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2018-03-04 14:15 - 2018-03-04 14:15 - 000009216 _____ () [File not signed] C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3010.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2018-03-04 14:15 - 2018-03-04 14:15 - 000006144 _____ () [File not signed] C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3010.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2018-03-04 14:15 - 2018-03-04 14:15 - 000032768 _____ (acer) [File not signed] C:\Windows\assembly\GAC_MSIL\Framework.Utility.CommonFunctions\3.0.3010.0__770d2a375f176870\Framework.Utility.CommonFunctions.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000028672 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2564.39163__90ba9c70f846762e\CCC.Implementation.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000049152 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2536.35577__90ba9c70f846762e\CLI.Foundation.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000020480 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2536.35591__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000057344 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2564.39162__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000032768 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2536.35581__90ba9c70f846762e\LOG.Foundation.Private.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000032768 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2536.35576__90ba9c70f846762e\LOG.Foundation.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000016384 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2536.35589__90ba9c70f846762e\MOM.Foundation.dll
2017-12-26 09:08 - 2017-12-26 09:08 - 000098304 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2564.39164__90ba9c70f846762e\MOM.Implementation.dll
2017-12-29 17:24 - 2017-12-29 17:24 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EsgShKernel => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2019-08-17 15:05 - 000000834 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1144671694-925945238-655758262-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A2837F35-3193-4C6E-AA3A-5C61CC3FFE56}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F3447924-249D-4E11-9060-76BF58A5453D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3A5A30D-1C76-44EF-ACF7-8FB66506DFA2}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{324A1618-CDF4-4B4F-8B87-CDB3AEFEC5C9}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{987D486B-0850-4E08-8D55-EBE7739A7E22}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A0BEA6D2-1B34-4E06-869E-4F013E297387}] => (Allow) C:\Program Files\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony)
FirewallRules: [{70782B02-C51D-4379-9B2E-D6B1321FE34B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
16-08-2019 13:00:27 Windows Update
16-08-2019 20:59:09 Windows Update
==================== Faulty Device Manager Devices =============
Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Periferní zařízení Bluetooth
Description: Periferní zařízení Bluetooth
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/17/2019 06:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST.exe verze 14.8.2019.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 15ac
Čas spuštění: 01d5551a44c93e28
Čas ukončení: 16
Cesta k aplikaci: C:\Users\Petr\Downloads\FRST.exe
ID hlášení: f739d105-c10d-11e9-a9bf-000a3a83ac6a
Error: (08/16/2019 07:13:23 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Petr-PC)
Description: Aplikaci nebo službu Průzkumník Windows nelze ukončit.
Error: (08/13/2019 02:50:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {b0da8f8c-651c-42c9-9ee1-a5ed1272807a}
Error: (08/09/2019 05:26:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Unisim.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Název chybujícího modulu: USP10.dll, verze: 1.626.7601.24494, časové razítko: 0x5d0c4976
Kód výjimky: 0xc0000005
Posun chyby: 0x000463c1
ID chybujícího procesu: 0x16c8
Čas spuštění chybující aplikace: 0x01d54ec68f292bea
Cesta k chybující aplikaci: D:\UNISIM\Unisim.exe
Cesta k chybujícímu modulu: C:\Windows\system32\USP10.dll
ID zprávy: 0ea9249c-baba-11e9-b292-000a3a83ac6a
Error: (08/06/2019 05:40:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.19400 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1474
Čas spuštění: 01d54c351dc221a4
Čas ukončení: 31
Cesta k aplikaci: C:\Program Files\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (07/19/2019 01:10:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.19400 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 910
Čas spuštění: 01d53df49733920a
Čas ukončení: 20
Cesta k aplikaci: C:\Program Files\Internet Explorer\IEXPLORE.EXE
ID hlášení:
Error: (06/26/2019 05:27:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program iexplore.exe verze 11.0.9600.19377 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: a18
Čas spuštění: 01d52c3115d39803
Čas ukončení: 8
Cesta k aplikaci: C:\Program Files\Internet Explorer\iexplore.exe
ID hlášení:
Error: (06/20/2019 06:18:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IEXPLORE.EXE, verze: 11.0.9600.19377, časové razítko: 0x5ce88421
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24475, časové razítko: 0x5cdd7feb
Kód výjimky: 0x80004005
Posun chyby: 0x0000845d
ID chybujícího procesu: 0x171c
Čas spuštění chybující aplikace: 0x01d52783c2d7f577
Cesta k chybující aplikaci: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Cesta k chybujícímu modulu: C:\Windows\system32\KERNELBASE.dll
ID zprávy: 0be69384-9377-11e9-8646-000a3a83ac6a
System errors:
=============
Error: (08/17/2019 04:55:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (08/17/2019 04:53:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:35:37, 17.8.2019) bylo neočekávané.
Error: (08/17/2019 02:26:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.
Error: (08/17/2019 02:23:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SpyHunter 5 Kernel byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (08/17/2019 02:23:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba SAS Core Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.
Error: (08/17/2019 02:23:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.
Error: (08/17/2019 02:23:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.
Error: (08/17/2019 02:23:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.
Windows Defender:
===================================
Date: 2019-04-11 08:47:18.825
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{0192EC02-4EAA-4D1A-943A-0ABAA00B8F32}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE
Date: 2018-04-08 07:48:44.478
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{888F6E33-D794-4DB2-99F8-123D448FB5E0}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE
Date: 2018-01-15 14:38:52.751
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=240761
Název:Misleading:Win32/Sofolview
ID:240761
Závažnost:Vysoké
Kategorie:Potenciálně nežádoucí software
Nalezeno v cestě:file:C:\Program Files\Solvusoft\DriverDoc\DriverDoc.exe;file:C:\Program Files\Solvusoft\SuiteService.exe;file:C:\Program Files\Solvusoft\Tray\SolvusoftTray.exe;file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft\DriverDoc\DriverDoc.lnk;file:C:\Users\Public\Desktop\DriverDoc.lnk;file:C:\Windows\System32\Tasks\DriverDoc Auto Start;file:C:\Windows\Tasks\DriverDoc Auto Start.job;process:pid:4000;process:pid:4000,ProcessStart:131604968012890625;process:pid:4292;process:pid:5108;process:pid:5108,ProcessStart:131604968026796875;regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D40FD73-4728-47F3-88F7-6C5D4CE54476};regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverDoc Auto Start;regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CommonToolkitTray_Solvusoft;regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files\Solvusoft\SuiteService.exe;regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHARED
Typ zjišťování:Konkrétní
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:
Date: 2018-01-15 14:37:36.205
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=240761
Název:Misleading:Win32/Sofolview
ID:240761
Závažnost:Vysoké
Kategorie:Potenciálně nežádoucí software
Nalezeno v cestě:file:C:\Program Files\Solvusoft\DriverDoc\DriverDoc.exe;file:C:\Program Files\Solvusoft\SuiteService.exe;file:C:\Program Files\Solvusoft\Tray\SolvusoftTray.exe;process:pid:4000;process:pid:4292;process:pid:5108
Typ zjišťování:Konkrétní
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:
Date: 2018-01-15 14:33:40.511
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=240761
Název:Misleading:Win32/Sofolview
ID:240761
Závažnost:Vysoké
Kategorie:Potenciálně nežádoucí software
Nalezeno v cestě:file:C:\Program Files\Solvusoft\SuiteService.exe;file:C:\Program Files\Solvusoft\Tray\SolvusoftTray.exe;process:pid:4000;process:pid:4292;process:pid:5108
Typ zjišťování:Konkrétní
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:
Date: 2018-08-17 11:45:32.561
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0
Date: 2018-08-10 14:24:54.082
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0
Date: 2018-07-30 15:27:57.934
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070003
Popis chyby:Systém nemůže nalézt uvedenou cestu.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0
Date: 2018-02-26 16:27:32.666
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor.
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0
==================== Memory info ===========================
BIOS: Acer ACRSYS - 6040000 08/03/2006
Motherboard: Acer Navarro
Processor: AMD Turion(tm) 64 Mobile Technology MK-36
Percentage of memory in use: 90%
Total physical RAM: 2046.17 MB
Available physical RAM: 190.7 MB
Total Virtual: 4094.17 MB
Available Virtual: 673.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:53.21 GB) (Free:25.49 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (ACERDATA) (Fixed) (Total:53.7 GB) (Free:41 GB) NTFS
Drive f: (Nový svazek) (Fixed) (Total:4.88 GB) (Free:0.14 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 5EA4F703)
Partition 1: (Not Active) - (Size=4.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=53.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================