VIRY.CZ

Náhle nestabilní PC, neustále zamrzá, RAM výtížena na MAX.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by ritchi (administrator) on EXPLOITER (ATComputers AC OFFICEPRO) (28-02-2020 21:35:58)
Running from C:\Users\ritchi\Documents\viry
Loaded Profiles: ritchi (Available Profiles: ritchi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\RocketDock\RocketDock.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\Nexus.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3665770440-1904150843-605179995-1000\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [17872000 2018-08-31] (Winstep Software Technologies) [File not signed]
HKU\S-1-5-21-3665770440-1904150843-605179995-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () [File not signed]
HKU\S-1-5-21-3665770440-1904150843-605179995-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3665770440-1904150843-605179995-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032C0566-2BC2-47D9-8457-91BA47D28EC3} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.1.12\SymErr.exe
Task: {18270250-6BD5-457E-A06C-54A8F8E169F0} - System32\Tasks\AdobeGCInvoker-1.0-EXPLOITER-ritchi => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {1D97A193-0FF1-4A96-96F8-15C6853077B2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_Plugin.exe [1456128 2019-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {29CE7C88-8799-4362-B810-6B50507DD3AD} - \Ad-Aware Update (Weekly) -> No File <==== ATTENTION
Task: {3DBF9AF1-21B5-4BEA-85F9-0AF3115235A9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {3E065948-48A1-4739-83CD-B70ACD464E8F} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.1.12\WSCStub.exe
Task: {46E4CC74-40F8-4EAE-9658-70B986ECE8AA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe [1456128 2019-01-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {63044813-5292-454A-8FDB-E0C19B48A095} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13769584 2018-09-19] (Piriform Ltd -> Piriform Ltd)
Task: {6E687190-1305-40F4-A853-C27B97AC0458} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-03] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D9A718AD-463E-4F00-BFDE-7F247235263E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.1.12\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.255.255.20 10.255.255.10
Tcpip\..\Interfaces\{413CEC09-878A-43AC-B571-8F64574F499F}: [DhcpNameServer] 10.255.255.20 10.255.255.10
Tcpip\..\Interfaces\{612C84FF-90F9-4F3B-B4BB-A56A4FCB88B6}: [DhcpNameServer] 10.255.255.20 10.255.255.10
HKLM\System\...\Parameters\PersistentRoutes: [195.137.182.212,255.255.255.255,192.168.0.100,1]

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-09-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-09-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2018-10-10] () [File not signed]
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-12-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2018-10-10] () [File not signed]
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-12-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]

FireFox:
========
FF DefaultProfile: 82cmukkt.default
FF DefaultProfile: l9jlwg04.default
FF ProfilePath: C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default [2020-02-28]
FF Extension: (MEGA) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\firefox@mega.co.nz.xpi [2020-02-28] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (AdBlock) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-02-05]
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2020-01-22]
FF Extension: (uBlock Origin) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\uBlock0@raymondhill.net.xpi [2020-02-25]
FF Extension: (Google™ Translator) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\{059cddf1-f66c-4b63-a79a-c35ac7e6ac65}.xpi [2019-07-22]
FF Extension: (YouTube Downloader) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\{307f416a-39c0-49e0-8e96-cf802290e33c}.xpi [2019-12-27]
FF Extension: (Video DownloadHelper) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-05-30]
FF Extension: (YouTube-Downloader) - C:\Users\ritchi\AppData\Roaming\Waterfox\Profiles\82cmukkt.default\Extensions\{c11016db-e96e-4eb7-bc19-7121d96d0e2f}.xpi [2019-09-19]
FF ProfilePath: C:\Users\ritchi\AppData\Roaming\Mozilla\Firefox\Profiles\l9jlwg04.default [2020-02-28]
FF NetworkProxy: Mozilla\Firefox\Profiles\l9jlwg04.default -> type", 0
FF Extension: (Nimbus Screen Capture: Screenshots, Annotate) - C:\Users\ritchi\AppData\Roaming\Mozilla\Firefox\Profiles\l9jlwg04.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2020-02-25]
FF Extension: (Google Translator for Firefox) - C:\Users\ritchi\AppData\Roaming\Mozilla\Firefox\Profiles\l9jlwg04.default\Extensions\translator@zoli.bod.xpi [2019-12-07]
FF Extension: (uBlock Origin) - C:\Users\ritchi\AppData\Roaming\Mozilla\Firefox\Profiles\l9jlwg04.default\Extensions\uBlock0@raymondhill.net.xpi [2020-02-25]
FF Extension: (Video DownloadHelper) - C:\Users\ritchi\AppData\Roaming\Mozilla\Firefox\Profiles\l9jlwg04.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-12-07]
FF ProfilePath: C:\Users\ritchi\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bqjhnwod.default [2020-02-28]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\ritchi\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bqjhnwod.default\Extensions\langpack-cs@palemoon.org.xpi [2019-07-02] [Legacy] [not signed]
FF Extension: (ocDownloader) - C:\Users\ritchi\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bqjhnwod.default\Extensions\ocdownloader@nextcloud.xpi [2019-05-12] [Legacy] [not signed]
FF Extension: (FireShot) - C:\Users\ritchi\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bqjhnwod.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2018-12-03] [Legacy] [not signed]
FF Extension: (Google Translator for Pale Moon) - C:\Users\ritchi\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\bqjhnwod.default\Extensions\{ed31eaf0-5e61-49eb-89b3-808f4697c54e}.xpi [2018-12-18] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.1.12\coFFAddon [2019-06-16] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll [2019-01-12] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-09-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-09-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-6F940AC27A98DD61 - C:\Program Files\Waterfox\waterfox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

Opera:
=======
OPR Extension: (Video Downloader Multiformat) - C:\Users\ritchi\AppData\Roaming\Opera Software\Opera Stable\Extensions\beemgnphifpbdehfmohojkhlklfaddih [2018-11-03]
OPR Extension: (Video Downloader Plus) - C:\Users\ritchi\AppData\Roaming\Opera Software\Opera Stable\Extensions\gboebcadlnfamdgfgedimjdnnmkcpaem [2018-10-07]
OPR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\ritchi\AppData\Roaming\Opera Software\Opera Stable\Extensions\glaedmooikiamindhmfcfccncmmdagge [2019-01-04]
OPR Extension: (Google™ Translator (web-extension)) - C:\Users\ritchi\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgnebchahhepphmokjeohhoebakpfggp [2018-11-03]
OPR Extension: (Force Download) - C:\Users\ritchi\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2018-11-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft -> Alcohol Soft Development Team)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-27] (Malwarebytes Inc -> Malwarebytes)
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH -> TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService.exe [775680 2018-06-06] (Winstep Software Technologies) [File not signed]
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 84291103; no ImagePath
R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Microsoft Windows -> Atheros Communications, Inc.)
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6037504 2009-08-18] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609010.00C\ccSetx64.sys [174240 2017-03-16] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-05] (Symantec Corporation -> Symantec Corporation)
S3 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [33184 2011-03-09] (IObit Information Technology -> )
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Microsoft Windows -> Realtek Semiconductor Corporation )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2019-04-23] (Duplex Secure Ltd -> Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\system32\drivers\NSx64\1609010.00C\SRTSP64.SYS [770200 2017-03-16] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609010.00C\SRTSPX64.SYS [49312 2017-03-16] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609010.00C\SYMEFASI64.SYS [1716896 2017-03-16] (Symantec Corporation -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2019-06-16] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1609010.00C\Ironx64.SYS [291480 2017-03-16] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1609010.00C\SYMNETS.SYS [567512 2017-03-16] (Symantec Corporation -> Symantec Corporation)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
U3 ajxlhg6o; C:\Windows\System32\Drivers\ajxlhg6o.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-28 21:32 - 2020-02-28 21:36 - 000000000 ____D C:\FRST
2020-02-28 21:21 - 2020-02-28 21:34 - 000000000 ____D C:\Users\ritchi\Documents\viry
2020-02-28 21:03 - 2020-02-28 21:03 - 000388608 _____ (Trend Micro Inc.) C:\Users\ritchi\Downloads\hijackthis.exe
2020-02-28 20:39 - 2020-02-28 20:40 - 117380440 _____ (Microsoft Corporation) C:\Users\ritchi\Downloads\ndp48-x86-x64-allos-enu.exe
2020-02-28 20:30 - 2020-02-28 20:31 - 083943272 _____ (Microsoft Corporation) C:\Users\ritchi\Downloads\NDP472-KB4054530-x86-x64-AllOS-ENU.exe
2020-02-28 19:46 - 2020-02-28 19:46 - 000000000 ____D C:\Windows\CheckSur
2020-02-27 10:50 - 2020-02-27 10:50 - 000001049 _____ C:\Users\ritchi\Desktop\Adobe Photoshop CC 2018.lnk
2020-02-27 10:49 - 2020-02-27 10:49 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2020-02-27 10:46 - 2020-02-27 10:46 - 000000000 ____D C:\Program Files\Adobe
2020-02-27 10:42 - 2020-02-27 10:42 - 000008554 _____ C:\Users\ritchi\Documents\cc_20200227_104245.reg
2020-02-27 10:34 - 2020-02-27 10:34 - 000000152 _____ C:\Users\ritchi\Desktop\27.2.2020 - oprava kompu.txt
2020-02-27 01:42 - 2020-02-27 01:42 - 000001957 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-02-27 01:42 - 2020-02-27 01:42 - 000001957 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-02-27 01:42 - 2020-02-27 01:42 - 000000000 ____D C:\Users\ritchi\AppData\Local\mbam
2020-02-27 01:42 - 2020-02-27 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-02-27 01:41 - 2020-02-27 01:41 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-02-27 01:40 - 2020-02-27 01:40 - 000000000 ____D C:\Program Files\Malwarebytes
2020-02-26 12:18 - 2020-02-26 12:18 - 008113696 _____ (Tim Kosse) C:\Users\ritchi\Downloads\FileZilla_3.47.1_win64-setup.exe
2020-02-26 11:59 - 2020-02-26 11:59 - 000001232 _____ C:\Users\ritchi\Desktop\WaterfoxPortable – zástupce.lnk
2020-02-26 00:10 - 2020-02-26 00:10 - 000000040 ____H C:\22D59BF6CE89
2020-02-26 00:06 - 2020-02-27 00:01 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-02-26 00:04 - 2020-02-27 00:01 - 000000000 ____D C:\Users\ritchi\AppData\Local\Adobe
2020-02-26 00:04 - 2020-02-26 00:24 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2020-02-26 00:04 - 2020-02-26 00:24 - 000002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2020-02-26 00:04 - 2020-02-26 00:04 - 000002023 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2020-02-26 00:04 - 2020-02-26 00:04 - 000002023 _____ C:\ProgramData\Desktop\Adobe Acrobat DC.lnk
2020-02-25 23:44 - 2020-02-25 23:59 - 000540516 _____ C:\TDSSKiller.3.1.0.28_25.02.2020_23.44.46_log.txt
2020-02-25 23:42 - 2020-02-25 23:43 - 000201162 _____ C:\TDSSKiller.3.1.0.28_25.02.2020_23.42.22_log.txt
2020-02-25 22:25 - 2020-02-25 22:25 - 000006656 _____ C:\Users\ritchi\Documents\cc_20200225_222537.reg
2020-02-25 22:17 - 2020-02-25 22:17 - 000200522 _____ C:\TDSSKiller.3.1.0.28_25.02.2020_22.17.00_log.txt
2020-02-25 18:16 - 2020-02-25 18:16 - 074936505 _____ C:\Users\ritchi\AppData\Local\bE8JoB4gm.exe
2020-02-25 17:48 - 2020-02-28 08:53 - 000000000 ____D C:\Program Files\Waterfox
2020-02-25 17:48 - 2020-02-25 17:48 - 000000903 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2020-02-25 17:48 - 2020-02-25 17:48 - 000000891 _____ C:\Users\Public\Desktop\Waterfox.lnk
2020-02-25 17:48 - 2020-02-25 17:48 - 000000891 _____ C:\ProgramData\Desktop\Waterfox.lnk
2020-02-25 17:09 - 2020-02-28 00:38 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2020-02-25 17:09 - 2020-02-25 17:09 - 000000995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2020-02-25 17:01 - 2020-02-25 17:01 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\Talkback
2020-02-25 11:18 - 2020-02-25 11:18 - 000000000 ____D C:\Users\ritchi\AppData\Local\TeamViewer
2020-02-25 11:16 - 2020-02-25 11:16 - 000000326 _____ C:\Users\ritchi\Desktop\25.2.2020.txt
2020-02-25 11:15 - 2020-02-25 11:15 - 000010655 _____ C:\Users\ritchi\Documents\9lab-log-2020-02-25 (11-06-36).txt
2020-02-25 09:16 - 2020-02-25 09:16 - 000002766 _____ C:\Users\ritchi\Documents\cc_20200225_091609.reg
2020-02-25 09:07 - 2020-02-25 09:09 - 001091416 _____ C:\TDSSKiller.3.1.0.28_25.02.2020_09.07.00_log.txt
2020-02-25 09:02 - 2020-02-25 09:05 - 000581122 _____ C:\TDSSKiller.3.1.0.28_25.02.2020_09.02.48_log.txt
2020-02-25 09:00 - 2020-02-25 09:01 - 000007070 _____ C:\TDSSKiller.3.1.0.28_25.02.2020_09.00.58_log.txt
2020-02-25 08:07 - 2020-02-25 08:07 - 000001498 _____ C:\Users\ritchi\Desktop\Opera.lnk
2020-02-25 08:06 - 2020-02-25 08:06 - 000001291 _____ C:\Users\ritchi\Desktop\OperaTor – zástupce.lnk
2020-02-25 08:04 - 2020-02-25 15:25 - 000000000 ____D C:\Users\ritchi\Documents\Zálohy-Profil
2020-02-25 05:17 - 2020-02-26 12:25 - 000280576 ___SH C:\Users\ritchi\Documents\Thumbs.db
2020-02-24 13:48 - 2020-02-25 05:07 - 000000000 ____D C:\ProgramData\clp
2020-02-24 13:20 - 2020-02-24 13:20 - 000000000 ____D C:\Program Files\Common Files\adaware
2020-02-24 13:16 - 2020-02-24 13:19 - 000546448 _____ C:\TDSSKiller.3.1.0.28_24.02.2020_13.16.08_log.txt
2020-02-24 13:13 - 2020-02-24 13:13 - 000007808 _____ C:\TDSSKiller.3.1.0.28_24.02.2020_13.13.05_log.txt
2020-02-24 09:43 - 2020-02-24 09:43 - 000000564 _____ C:\Users\ritchi\Desktop\24.2.2020.txt
2020-02-24 08:37 - 2020-02-24 08:37 - 000000000 ____D C:\Users\ritchi\AppData\Local\cache
2020-02-22 16:58 - 2020-02-22 16:58 - 013199355 _____ C:\Users\ritchi\Downloads\Baggy Ash Piss - ThisVid.com.mp4
2020-02-22 11:32 - 2020-02-25 18:16 - 000000000 ____D C:\Program Files (x86)\MSECACHE
2020-02-22 11:32 - 2020-02-22 11:32 - 074936505 _____ C:\Users\ritchi\AppData\Local\uB.exe
2020-02-22 11:32 - 2020-02-22 11:32 - 000000000 ____D C:\ProgramData\Isolated Storage
2020-02-22 11:18 - 2020-02-22 11:18 - 000000957 _____ C:\Users\ritchi\Documents\22.2.2020.txt
2020-02-22 11:13 - 2020-02-22 11:13 - 000009978 _____ C:\Users\ritchi\Documents\cc_20200222_111301.reg
2020-02-19 19:23 - 2020-02-19 19:23 - 000000113 _____ C:\Users\ritchi\Documents\inscenace.txt
2020-02-11 02:25 - 2020-02-11 02:25 - 010434721 _____ C:\Users\ritchi\Downloads\Eisensteig-Fetish-Party XTube Porn Video from whosnasty.mp4
2020-02-08 11:03 - 2020-02-08 11:03 - 016030642 _____ C:\Users\ritchi\Downloads\Slm Bb Madrid - necar33.tumblr.com - Tumbex.mp4
2020-02-08 05:16 - 2020-02-08 05:17 - 000170435 _____ C:\Users\ritchi\Downloads\BH VID.mp4
2020-02-02 00:25 - 2020-02-02 00:25 - 000000468 _____ C:\Users\ritchi\Documents\1.2.2020.txt
2020-01-29 05:49 - 2020-01-29 05:49 - 006745769 _____ C:\Users\ritchi\Downloads\JUNKIETRASH - junkietrashsquatter-on-bdsmlr.tumblr.com - Tum.mp4
2020-01-29 05:47 - 2020-01-29 05:47 - 001713247 _____ C:\Users\ritchi\Downloads\The Thunderbird Chronicles - orange-caps.tumblr.com - Tumbex.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-28 21:06 - 2009-07-14 05:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-28 21:06 - 2009-07-14 05:45 - 000020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-28 21:00 - 2018-09-29 12:26 - 000000000 ____D C:\Users\ritchi\AppData\LocalLow\Mozilla
2020-02-28 20:58 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-28 20:43 - 2018-09-29 13:27 - 001557248 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-02-28 20:43 - 2009-07-14 16:18 - 000668372 _____ C:\Windows\system32\perfh005.dat
2020-02-28 20:43 - 2009-07-14 16:18 - 000141032 _____ C:\Windows\system32\perfc005.dat
2020-02-28 20:43 - 2009-07-14 06:13 - 001557248 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-28 20:43 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2020-02-28 19:31 - 2019-12-07 10:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-02-28 19:20 - 2018-09-29 13:34 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-02-28 09:46 - 2018-09-29 12:26 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\Mozilla
2020-02-28 00:45 - 2018-10-06 11:58 - 000000000 ____D C:\Users\ritchi\AppData\Local\CrashDumps
2020-02-27 11:30 - 2018-09-29 13:57 - 000000000 ____D C:\ProgramData\Adobe
2020-02-27 11:26 - 2018-11-22 17:38 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\uTorrent
2020-02-27 11:02 - 2018-09-29 13:58 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\Adobe
2020-02-27 10:53 - 2018-09-29 20:54 - 000000000 ____D C:\Users\ritchi\AppData\Local\ESET
2020-02-27 10:49 - 2019-09-30 17:38 - 000000000 ____D C:\Users\ritchi\Documents\Adobe
2020-02-27 10:49 - 2018-09-29 14:19 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-02-27 01:41 - 2019-04-26 22:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-02-26 12:40 - 2018-09-29 14:54 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\FileZilla
2020-02-26 12:28 - 2018-10-08 17:16 - 000001480 _____ C:\Users\ritchi\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2020-02-26 12:23 - 2019-01-05 17:26 - 000000000 _____ C:\screen.bmp
2020-02-26 12:18 - 2019-01-15 16:52 - 000001867 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2020-02-26 12:18 - 2019-01-15 16:52 - 000001867 _____ C:\ProgramData\Desktop\FileZilla Client.lnk
2020-02-26 12:18 - 2018-09-29 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2020-02-26 12:18 - 2018-09-29 14:54 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2020-02-26 08:37 - 2018-10-09 09:18 - 000000000 ____D C:\Program Files\Adware-Removal-Tool
2020-02-26 00:14 - 2019-05-18 16:36 - 000003462 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0-EXPLOITER-ritchi
2020-02-26 00:13 - 2018-09-29 13:40 - 000185352 _____ C:\Users\ritchi\AppData\Local\GDIPFONTCACHEV1.DAT
2020-02-26 00:13 - 2009-07-14 05:45 - 006318808 _____ C:\Windows\system32\FNTCACHE.DAT
2020-02-26 00:10 - 2018-09-29 14:05 - 000000000 ____D C:\Users\ritchi\AppData\LocalLow\Adobe
2020-02-25 23:32 - 2018-10-09 11:58 - 000290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2020-02-25 22:22 - 2018-09-29 11:30 - 000000000 ____D C:\Users\ritchi
2020-02-25 22:21 - 2019-04-23 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2020-02-25 22:21 - 2018-10-10 08:36 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\LangSoft
2020-02-25 22:21 - 2018-09-29 13:57 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-02-25 22:21 - 2018-09-29 12:39 - 000000000 ____D C:\Users\ritchi\AppData\Local\Mozilla
2020-02-25 22:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2020-02-25 18:13 - 2019-04-26 23:32 - 000000000 ____D C:\ProgramData\Lavasoft
2020-02-25 17:09 - 2018-10-04 08:37 - 000000000 ____D C:\Users\ritchi\AppData\Local\Thunderbird
2020-02-25 15:26 - 2019-04-23 09:34 - 000000000 ____D C:\Program Files (x86)\FreeCodecPack
2020-02-25 15:26 - 2018-11-05 17:08 - 000000000 ____D C:\ProgramData\IObit
2020-02-25 15:26 - 2018-10-04 08:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-02-25 15:26 - 2009-07-14 04:20 - 000000000 __RSD C:\Windows\Media
2020-02-25 15:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\SysWOW64\ras
2020-02-25 15:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\ras
2020-02-25 12:03 - 2018-10-04 08:52 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\TeamViewer
2020-02-25 11:02 - 2020-01-08 19:49 - 000000000 ____D C:\Users\ritchi\Documents\Máša-settopbox
2020-02-25 11:02 - 2019-10-21 14:19 - 000000000 ____D C:\Users\ritchi\Documents\Lednička
2020-02-25 11:02 - 2019-07-09 19:35 - 000000000 ____D C:\Users\ritchi\Documents\OEF-2019
2020-02-25 11:02 - 2019-05-12 17:45 - 000000000 ____D C:\Users\ritchi\Documents\STB
2020-02-25 11:02 - 2019-05-08 18:41 - 000000000 ____D C:\Users\ritchi\Documents\SSD disk
2020-02-25 11:02 - 2018-11-30 20:39 - 000000000 ____D C:\Users\ritchi\Documents\Vladěna - džíny
2020-02-25 11:02 - 2018-11-05 14:25 - 000000000 ____D C:\Users\ritchi\Documents\Tom-narozky
2020-02-25 09:06 - 2009-07-14 06:08 - 000032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-02-25 09:05 - 2018-10-09 09:17 - 000000000 ____D C:\TDSSKiller_Quarantine
2020-02-25 05:49 - 2019-06-16 13:36 - 000000000 ____D C:\Windows\system32\Tasks\Norton Security
2020-02-25 05:49 - 2019-04-23 09:50 - 000000000 ____D C:\Program Files (x86)\DsNET Corp
2020-02-25 05:49 - 2019-01-05 17:51 - 000000000 ____D C:\Users\ritchi\AppData\Roaming\Waterfox
2020-02-25 05:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\AppCompat
2020-02-25 05:47 - 2019-01-05 17:51 - 000000000 ____D C:\Users\ritchi\AppData\Local\Waterfox
2020-02-22 11:13 - 2019-11-04 11:25 - 000002796 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-02-22 09:30 - 2018-10-05 16:01 - 000000000 ____D C:\Users\ritchi\dwhelper
2020-02-21 16:14 - 2018-12-03 18:43 - 000000000 ____D C:\Program Files\Pale Moon
2020-02-16 06:27 - 2018-10-06 16:37 - 000000000 ____D C:\Windows\system32\MRT
2020-02-16 06:21 - 2019-11-04 09:33 - 120407888 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories ========

2019-01-24 17:27 - 2019-01-24 17:27 - 000000132 _____ () C:\Users\ritchi\AppData\Roaming\Adobe Formát AIFF CS6 – předvolby
2018-11-20 23:35 - 2019-04-17 15:37 - 000000132 _____ () C:\Users\ritchi\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2019-06-03 21:07 - 2019-12-08 18:40 - 000024126 _____ () C:\Users\ritchi\AppData\Roaming\SLOVA.WAV
2019-06-03 21:07 - 2019-12-08 18:40 - 000023726 _____ () C:\Users\ritchi\AppData\Roaming\TMP.WAV
2018-10-08 17:16 - 2020-02-26 12:28 - 000001480 _____ () C:\Users\ritchi\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2020-02-25 18:16 - 2020-02-25 18:16 - 074936505 _____ () C:\Users\ritchi\AppData\Local\bE8JoB4gm.exe
2019-03-12 13:19 - 2019-03-12 13:19 - 000004096 ____H () C:\Users\ritchi\AppData\Local\keyfile3.drm
2018-10-03 14:53 - 2020-02-25 22:08 - 000000615 _____ () C:\Users\ritchi\AppData\Local\oobelibMkey.log
2019-04-26 23:07 - 2019-04-26 23:07 - 000007633 _____ () C:\Users\ritchi\AppData\Local\Resmon.ResmonCfg
2020-02-22 11:32 - 2020-02-22 11:32 - 074936505 _____ () C:\Users\ritchi\AppData\Local\uB.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-02-17 01:35
==================== End of FRST.txt ========================

Zdravím!
Jak je na tom váš oper. systém s legalitou?

Kámošovo PC, odkoupeno z nějaký fabriky jako vyřazený, léta beželo v pohodě, systém by měl být legal

Pokud je to tak, potom ano. Na PC zakoupeném v běžném obchodě by byla,verze Ultimate nejspíš nelegální. Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-02-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-29-2020
# Duration: 00:00:00
# OS: Windows 7 Ultimate
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1295 octets] - [24/02/2020 13:35:13]
AdwCleaner[C00].txt - [1461 octets] - [24/02/2020 13:35:28]
AdwCleaner[S01].txt - [1417 octets] - [25/02/2020 09:31:02]
AdwCleaner[C01].txt - [1583 octets] - [25/02/2020 09:31:26]
AdwCleaner[S02].txt - [1539 octets] - [25/02/2020 23:39:15]
AdwCleaner[C02].txt - [1705 octets] - [25/02/2020 23:40:13]
AdwCleaner[S03].txt - [1775 octets] - [29/02/2020 12:05:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {29CE7C88-8799-4362-B810-6B50507DD3AD} - \Ad-Aware Update (Weekly) -> No File <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx <not found>
S3 84291103; no ImagePath
U3 ajxlhg6o; C:\Windows\System32\Drivers\ajxlhg6o.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

EmptyTemp:
End

Uložte do C:\Users\ritchi\Documents\viry jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte. Log Addition, bohužel, v příloze není.

Log Addition se jevil dlouhý, tak jsem ho zabalil do RAR archivu, bohužel špatně.
Zde tedy náprava - původní log Addition v příloze, omlouvám se.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by ritchi (29-02-2020 15:46:07) Run:1
Running from C:\Users\ritchi\Documents\viry
Loaded Profiles: ritchi (Available Profiles: ritchi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {29CE7C88-8799-4362-B810-6B50507DD3AD} - \Ad-Aware Update (Weekly) -> No File <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.1.12\Exts\Chrome.crx <not found>
S3 84291103; no ImagePath
U3 ajxlhg6o; C:\Windows\System32\Drivers\ajxlhg6o.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29CE7C88-8799-4362-B810-6B50507DD3AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29CE7C88-8799-4362-B810-6B50507DD3AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully
HKLM\System\CurrentControlSet\Services\84291103 => removed successfully
84291103 => service removed successfully
ajxlhg6o => service not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35687413 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 561997 B
Edge => 0 B
Chrome => 0 B
Firefox => 532263357 B
Opera => 156924 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83693 B
systemprofile32 => 150049 B
LocalService => 216277 B
NetworkService => 283735 B
ritchi => 138434407 B

RecycleBin => 1333059693 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:46:26 ====

Tak ještě jednou. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
AlternateDataStreams: C:\Users\ritchi\Local Settings:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local\Data aplikací:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local\Temp:{65003700-7900-6D00-5900-4D006E007700} [832]
FirewallRules: [{624B067D-5490-41F8-96D7-0B7B376E559A}] => (Allow) K:\Opera\56.0.3051.36\opera.exe No File

EmptyTemp:
End

Uložte do C:\Users\ritchi\Documents\viry jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by ritchi (01-03-2020 08:49:31) Run:2
Running from C:\Users\ritchi\Documents\viry
Loaded Profiles: ritchi (Available Profiles: ritchi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
AlternateDataStreams: C:\Users\ritchi\Local Settings:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local\Data aplikac�:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local\Temp:{65003700-7900-6D00-5900-4D006E007700} [832]
FirewallRules: [{624B067D-5490-41F8-96D7-0B7B376E559A}] => (Allow) K:\Opera\56.0.3051.36\opera.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt => removed successfully
C:\Users\ritchi\Local Settings => ":{65003700-7900-6D00-5900-4D006E007700}" ADS removed successfully
"C:\Users\ritchi\AppData\Local" => ":{65003700-7900-6D00-5900-4D006E007700}" ADS not found.
"C:\Users\ritchi\AppData\Local\Data aplikac�" => ":{65003700-7900-6D00-5900-4D006E007700}" ADS not found.
C:\Users\ritchi\AppData\Local\Temp => ":{65003700-7900-6D00-5900-4D006E007700}" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{624B067D-5490-41F8-96D7-0B7B376E559A}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7265313 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 327680 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
ritchi => 9141860 B

RecycleBin => 0 B
EmptyTemp: => 24 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:49:32 ====

Teď je to OK. Nastala nějaká změna?

Nastala VÝRAZNÁ změna... vytížení RAM v pohodě, PC nezamrzá a chová se normálně... Díky pane!
Můžu se ještě zeptat v čem tkvěl problém?

Řada zbytečností a dočasných souborů internetu. Nemáte zač!

VIRY.CZ

PC nestabilní, zamrzá - prosím o kontrolu logu -díky

PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky

Re: PC nestabilní, zamrzá - prosím o kontrolu logu -díky