Please check my log [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check my log

Post by malus » 13 Mar 2018 09:42

Win+R - ComboFix/Uninstall found nothing, it is not on C:\

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by Natálka (13-03-2018 09:32:27)
Running from C:\Users\Natálka\Desktop
Windows 8 (X64) (2013-12-24 21:58:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-761467974-795524095-2576382021-500 - Administrator - Disabled)
Guest (S-1-5-21-761467974-795524095-2576382021-501 - Limited - Disabled)
Natálka (S-1-5-21-761467974-795524095-2576382021-1002 - Administrator - Enabled) => C:\Users\Natálka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.01.1705, 18.03.2016 - AIMP DevTeam)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Avira (HKLM-x32\...\{59d593c9-028b-4f00-a84d-7a71f5a28ad7}) (Version: 1.2.106.18629 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{64874AE0-1F9C-426A-96FC-C53A57C97ADE}) (Version: 1.2.106.18629 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.12.5.31589 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{9D24954D-DDA8-45CC-829F-657ADC5A9BD3}) (Version: 2.0.4.54899 - Avira Operations GmbH & Co. KG)
Battle for Wesnoth 1.12.5 (HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\Battle for Wesnoth 1.12.5) (Version: 1.12.5 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{29989969-FED8-4EFB-8FB2-39429D37E471}) (Version: 5.1.5.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{FCD58C04-324A-40D1-BA9E-1A754DF1736D}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 8 (HKLM-x32\...\{2F8A00FC-1F12-44B2-AA37-F9A358EDC161}) (Version: 1.2.2 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 8.0.3.1345 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{C001689B-4EAD-4CB4-B5F7-4A85A32785DC}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{03619AEC-00EE-43CB-9F4F-25BE4C8C90D2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{D1E7D876-6B86-4B35-A93D-15B0D6C43EAF}) (Version: 8.5.4.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{3DFFDA17-EE5C-4C09-AB0B-29CD4A9E6C9C}) (Version: 12.8.47.1 - HP)
HP System Default Settings (HKLM-x32\...\{357FE1E9-5890-4697-95DD-B15E01B4AA2A}) (Version: 1.3.2 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HWiNFO32 Version 4.64 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.64 - Martin Malík - REALiX)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
LibreOffice 5.3.6.1 (HKLM\...\{968CE0B2-6DD2-4858-A0BC-5262A0606D07}) (Version: 5.3.6.1 - The Document Foundation)
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 57.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 57.0.4 (x64 cs)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 51.0.2830.55 (HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Quake 4(TM) (HKLM-x32\...\{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.2 - Název společnosti:) Hidden
Ralink Bluetooth Stack (HKLM\...\{B346BD6C-AE56-7DD3-175C-2374C7113BCB}) (Version: 11.0.752.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
RogueKiller version 12.12.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.8.0 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.25 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
ZoneAlarm Firewall (HKLM-x32\...\{6B677C8A-0051-41D4-B70A-4E721C2667D5}) (Version: 15.1.522.17528 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.522.17528 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{6E442303-774D-4AEC-A2BA-F2F523B0ACAC}) (Version: 15.1.522.17528 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-761467974-795524095-2576382021-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Natálka\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-12] ()
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2016-04-17] (AIMP DevTeam)
ContextMenuHandlers1: [BthSendToContextMenuExt] -> {CF373149-C3D9-4AEB-9CE8-BDD1D2FFFA5B} => C:\Windows\system32\BSAppShlExt.dll [2013-12-16] (TODO: <公司名>)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-02-01] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2016-04-17] (AIMP DevTeam)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-08-23] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-03-12] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-02-01] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-03-15] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08BC13C9-03A0-4637-B60A-03523DD8CE86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {164AD254-3B21-48B1-A216-59F92723CD69} - System32\Tasks\Opera scheduled Autoupdate 1506745797 => C:\Users\Natálka\AppData\Local\Programs\Opera\launcher.exe [2018-03-08] (Opera Software)
Task: {29B45866-66DD-4613-9D46-90C39B467379} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)
Task: {3696D259-D03D-4C8C-896D-B0B52B2DFA66} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-17] (Adobe Systems Incorporated)
Task: {64C9C1E6-086D-480D-B8ED-56846CC8EA5F} - System32\Tasks\{9329A43A-AA41-450C-82CE-59321AB07DE7} => C:\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe -c -maintain pepperplugin
Task: {65656B34-4CE6-4739-95E5-7C336BB950EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {6DEDB9D3-27AA-409F-826E-35BD4C6F583C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-02-01] (Avira Operations GmbH & Co. KG)
Task: {7924AAC0-5192-4DF7-A9A6-544901D5AC20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {8299DC8C-EA42-4DAC-9C9B-BC1EA76FC430} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-08-26] (Synaptics Incorporated)
Task: {9565C158-F6C5-48A6-AFCD-6A4742632BDF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-25] ()
Task: {99752395-9CBE-441A-B8C0-CDD74B9542F6} - System32\Tasks\{876469A8-F0A0-4D06-8484-3C3E31CEEAED} => C:\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_Plugin.exe -c -maintain plugin
Task: {B45962B8-6B94-41BF-B7B2-0C23695447C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-01-30] (HP Inc.)
Task: {BB70D52B-D34C-4B4D-8659-01506C3A4140} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {BCC7E439-D79A-4647-9363-333D164A5812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {CED802AC-A153-42B5-A3CC-5B0D5A6DE8C0} - System32\Tasks\HPCeeScheduleForNatálka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-04-28] (Hewlett-Packard)
Task: {CEF9139B-2EAE-4FC2-BDF1-E631F76C0B74} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {F04C9114-CD24-4E26-9AD3-54E0B9C6E3C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {F5D43C20-B3E1-4A6D-B12B-18C6FA937B23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\7666729e-af2d-4a5d-b80a-3fbc26dbabf3.job => C:\Program Files (x86)\HD-V1.9\7666729e-af2d-4a5d-b80a-3fbc26dbabf3.exeǾ/agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=5302A0BCBFAE42D89E61A4D0FBEEA0DEIE /verifier=7d8dab257f7d0305ffceffed62be2838 /installerversion=1_34_08_12 /installationtime=1408807585 /statsdomain=hxxp:/stats.inputgenserv.com /errorsdomain=hxxp:/errors.inputgenserv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.inputgenserv.com <==== ATTENTION
Task: C:\Windows\Tasks\a2698f4b-c4ac-4a42-bbaf-a84fe3f288b8.job => C:\Program Files (x86)\HD-V1.9\a2698f4b-c4ac-4a42-bbaf-a84fe3f288b8.exe <==== ATTENTION
Task: C:\Windows\Tasks\c3a11c58-3609-498f-a0a1-6bd3c2410bb4.job => C:\Program Files (x86)\HD-V1.9\c79a7363-58ba-4928-9c54-ce7f50adbb58-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForNatálka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RHAOLU.job => C:\Users\Natlka\AppData\Roaming\RHAOLU.exe <==== ATTENTION
Task: C:\Windows\Tasks\RUQOG.job => C:\Users\Natlka\AppData\Roaming\RUQOG.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-01-17 15:57 - 2012-01-17 15:57 - 000298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2017-03-17 18:10 - 2017-03-17 18:10 - 000959168 _____ () C:\Users\Natálka\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-12-16 14:46 - 2013-12-16 14:46 - 000029432 _____ () C:\Windows\system32\BsTrace.dll
2013-12-25 10:21 - 2010-03-15 11:28 - 000052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-12-16 14:45 - 2013-12-16 14:45 - 000371448 _____ () C:\Windows\system32\BsExtendFunc.dll
2013-12-16 14:45 - 2013-12-16 14:45 - 000016632 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-12-16 14:45 - 2013-12-16 14:45 - 000062200 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2018-03-12 22:31 - 2018-03-12 22:31 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-03-13 07:41 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-13 07:41 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-08-23 20:08 - 2012-08-23 20:08 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-03 04:53 - 2014-02-22 09:11 - 001200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EOSNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthmodem.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dtliteusbbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netr28x.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\rtbth.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xusb22.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
AlternateDataStreams: C:\Users\Natálka\Desktop\JRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Downloads\aimp_4.01.1705.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Downloads\aimp_4.01.1705.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\11_47_68_81_495_CJ.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\267-2012 - o stanovení Indikačního seznamu pro lázeňskou léčebně rehabilitační péči o dospělé, děti a dorost.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\CV-Europass-20161031-Pohludka-CS (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\E-CV_cz (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\FP-spec_2006.doc:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-761467974-795524095-2576382021-1002\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-03-12 22:25 - 2018-03-12 22:25 - 000000000 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-761467974-795524095-2576382021-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Natálka\Pictures\1008726-dna.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: SecureLine => 2
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: WinRM => 3
HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "Služba Acronis Scheduler2"
HKLM\...\StartupApproved\Run32: => "QLBController"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKLM\...\StartupApproved\Run32: => "PDF Complete"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\StartupApproved\StartupFolder: => "IMVU.lnk"
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8006D399-DA87-4540-84C5-99938BFC525D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{813B4DCE-EE0E-45A2-9718-2A178B6A4F9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2C39EE9F-EAF2-4B1E-9E57-DEFA37AED585}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{2C19B9F9-F1A2-4D70-98D5-CF7559B01FAD}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7C413B37-8ED1-45E2-B3F6-58F624877ECE}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{20A1FA01-6115-471C-BC9D-186F1812431F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9134CAAC-A961-4D51-996A-D77531C8695C}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{B032D43A-E3FE-49ED-84FC-D20B6FF76901}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2A24FFD8-C3E6-4350-ADAF-49987C3FE2DF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-02-2018 22:10:02 Removed Avira Safe Shopping
03-03-2018 05:48:19 Naplánovaný kontrolní bod
11-03-2018 08:27:45 Odebráno: Microsoft Visual C++ 2005 Redistributable (x64)
12-03-2018 18:00:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2018 09:31:49 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Nelze číst data o výkonu ze služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/13/2018 09:31:49 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Nelze číst data o výkonu ze služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/13/2018 09:31:47 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Nelze číst data o výkonu ze služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/13/2018 09:28:49 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Nelze číst data o výkonu ze služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/13/2018 09:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 3.0.0.1284, časové razítko: 0x5a15a98e
Název chybujícího modulu: KERNELBASE.dll, verze: 6.2.9200.17581, časové razítko: 0x5644f0df
Kód výjimky: 0xc0000142
Posun chyby: 0x00078dd2
ID chybujícího procesu: 0x1200
Čas spuštění chybující aplikace: 0x01d3baa4f583e2c0
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: KERNELBASE.dll
ID zprávy: 37721021-2698-11e8-bfe6-b4b52f7cd1f6
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (03/13/2018 09:26:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/13/2018 09:26:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/13/2018 09:26:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/13/2018 09:26:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/13/2018 09:26:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/13/2018 09:26:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/13/2018 09:26:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/13/2018 09:26:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.


Windows Defender:
===================================
Date: 2017-03-07 22:26:07.790
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {11B25A50-6799-4C3F-A544-2579B15037CC}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2017-01-27 21:49:33.287
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {52715960-F40D-4339-BC93-5758DFDEF5A7}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2017-01-19 14:06:30.064
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {572E97D9-9082-46E1-A9F5-0FA3DD4F3A1B}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2017-01-17 22:33:41.839
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {77097CAB-E239-4A0A-8B21-B17FBD01FF9C}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2017-01-17 21:32:13.607
Description:
Vyhledávání Windows Defender bylo zastaveno před dokončením.
ID vyhledávání: {DAAE4288-D7CE-4FA1-9B44-E48C62949D1D}
Typ vyhledávání: Antimalwarový program
Parametry vyhledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2017-10-02 19:53:56.445
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.253.174.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.14202.0
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2017-10-02 19:53:56.445
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.253.174.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.14202.0
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2017-04-03 15:50:41.261
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 0.0.0.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Systém kontroly sítě
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 0.0.0.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2017-04-03 15:50:41.246
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.239.581.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13601.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2017-04-03 15:50:41.246
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.239.581.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.13601.0
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2017-06-30 12:48:32.252
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-30 12:30:02.389
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-30 11:27:57.669
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-30 11:17:10.897
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-30 11:11:07.171
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-30 08:39:06.012
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-30 07:44:28.706
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-06-29 21:04:35.848
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B840 @ 1.90GHz
Percentage of memory in use: 38%
Total physical RAM: 3976.22 MB
Available physical RAM: 2436.52 MB
Total Virtual: 5384.22 MB
Available Virtual: 3384.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:449.67 GB) (Free:160.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:12.88 GB) (Free:2.04 GB) NTFS

\\?\Volume{e004c7bb-f548-474c-b845-f1455a47527b}\ (WinRE) (Fixed) (Total:0.98 GB) (Free:0.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================

malus
newbie
Posts: 15
Registered: March 18
Gender: Unspecified
Status:
Offline

Re: Please check my log

Post by malus » 13 Mar 2018 09:46

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2018
Ran by Natálka (administrator) on ASANA (13-03-2018 09:30:47)
Running from C:\Users\Natálka\Desktop
Loaded Profiles: Natálka (Available Profiles: Natálka)
Platform: Windows 8 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-06] (IDT, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [388344 2016-05-01] (IVT Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-02-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144240 2017-12-29] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\MountPoints2: {7527eedc-28d8-11e6-bf61-b4b52f7cd1f6} - "H:\Setup.exe"
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\MountPoints2: {c28198b1-c6d5-11e6-bf84-b4b52f7cd1f6} - "E:\WD SmartWare.exe" autoplay=true
Lsa: [Notification Packages] DPPassFilter scecli
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60995FAD-3B10-4B12-85B3-147732B2D6F0}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{60995FAD-3B10-4B12-85B3-147732B2D6F0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-761467974-795524095-2576382021-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {4B8F42B0-D65B-4B88-AA96-070A40C69E2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {C9F45261-B24D-48BB-A215-E1FFD62D0BFE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13014
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2013-12-16] (Skype Technologies)

FireFox:
========
FF DefaultProfile: vnjsbqzf.default-1511166607899
FF ProfilePath: C:\Users\Natálka\AppData\Roaming\Mozilla\Firefox\Profiles\vnjsbqzf.default-1511166607899 [2018-03-13]
FF Homepage: Mozilla\Firefox\Profiles\vnjsbqzf.default-1511166607899 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\vnjsbqzf.default-1511166607899 -> about:newtab
FF Extension: (Avira Browser Safety) - C:\Users\Natálka\AppData\Roaming\Mozilla\Firefox\Profiles\vnjsbqzf.default-1511166607899\Extensions\abs@avira.com [2018-03-12]
FF Extension: (Avira Password Manager) - C:\Users\Natálka\AppData\Roaming\Mozilla\Firefox\Profiles\vnjsbqzf.default-1511166607899\Extensions\passwordmanager@avira.com [2018-03-12]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-07-09] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-17] ()
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-22] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-22] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-10-26] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-761467974-795524095-2576382021-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Natálka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default [2018-03-13]
CHR Extension: (Prezentace) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Dokumenty) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Disk Google) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-22]
CHR Extension: (YouTube) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-22]
CHR Extension: (Tanki Online) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnamgoimgnbgkabfjkikldbfdhhfhdo [2016-06-22]
CHR Extension: (Tabulky) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-02-19]
CHR Extension: (HTTPS Everywhere) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2018-02-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-02]
CHR Extension: (Gmail) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-25]
CHR Profile: C:\Users\Natálka\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-13]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2012-10-26]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Natálka\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-01-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1136744 2018-02-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-02-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-02-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1533608 2018-02-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [449240 2018-02-05] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [338728 2018-02-06] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2018-01-22] (Avira Operations GmbH & Co. KG)
R3 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1579880 2016-05-01] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2016-05-01] (IVT Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [488824 2012-10-26] (DigitalPersona, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-25] (HP Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2014-02-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2014-02-22] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-06] (IDT, Inc.) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107584 2017-12-29] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2017-12-28] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1057648 2017-12-29] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2016-10-11] (The OpenVPN Project)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [60920 2018-02-01] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [178840 2018-02-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [169864 2018-02-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2018-02-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2018-02-01] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [38048 2018-02-01] (Avira Operations GmbH & Co. KG)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [50272 2013-12-16] (Ralink Corporation)
S0 cjxtpv; no ImagePath
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-10-04] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-10-04] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-03-22] (REALiX(tm))
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-03-13] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2018-03-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [46008 2018-03-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-03-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2018-03-13] (Malwarebytes)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [1660560 2016-05-13] (MediaTek Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 phantomtap; C:\Windows\system32\DRIVERS\phantomtap.sys [35664 2018-02-06] (The OpenVPN Project)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204936 2016-05-01] (Ralink Technology, Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2017-09-27] (Duplex Secure Ltd.)
S0 vhjrap; no ImagePath
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461240 2017-12-28] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S0 ysyfer; no ImagePath
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-03-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-03-12] (Zemana Ltd.)
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
U3 iswSvc; no ImagePath
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]
S3 SNP2UVC; \SystemRoot\system32\DRIVERS\snp2uvc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-13 09:30 - 2018-03-13 09:31 - 000021843 _____ C:\Users\Natálka\Desktop\FRST.txt
2018-03-13 09:30 - 2018-03-13 09:30 - 000000000 ____D C:\FRST
2018-03-13 09:29 - 2018-03-13 09:29 - 002402816 _____ (Farbar) C:\Users\Natálka\Desktop\FRST64.exe
2018-03-13 09:26 - 2018-03-13 09:26 - 000000000 ____D C:\Users\Natálka\AppData\Local\CrashDumps
2018-03-13 07:42 - 2018-03-13 09:26 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-13 07:42 - 2018-03-13 09:26 - 000094144 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-13 07:42 - 2018-03-13 09:26 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-13 07:42 - 2018-03-13 09:25 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-13 07:42 - 2018-03-13 07:42 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-13 07:41 - 2018-03-13 07:41 - 000001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-13 07:41 - 2018-03-13 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-13 07:41 - 2018-03-13 07:41 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-03-13 07:41 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-12 23:56 - 2018-03-12 23:56 - 005660720 ____R (Swearware) C:\Users\Natálka\Downloads\ComboFix.exe
2018-03-12 23:12 - 2018-03-13 00:03 - 000000000 ___SD C:\32788R22FWJFW
2018-03-12 22:54 - 2018-03-12 22:54 - 000000000 ____D C:\Windows\erdnt
2018-03-12 22:52 - 2018-03-12 22:52 - 000001361 _____ C:\Users\Natálka\Desktop\zem.txt
2018-03-12 22:31 - 2018-03-13 09:31 - 000034249 _____ C:\Windows\ZAM.krnl.trace
2018-03-12 22:31 - 2018-03-13 09:31 - 000020164 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-12 22:31 - 2018-03-12 22:31 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-03-12 22:31 - 2018-03-12 22:31 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-03-12 22:31 - 2018-03-12 22:31 - 000001158 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-03-12 22:31 - 2018-03-12 22:31 - 000000000 ____D C:\Users\Natálka\AppData\Local\Zemana
2018-03-12 22:31 - 2018-03-12 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-03-12 22:31 - 2018-03-12 22:31 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-03-12 22:29 - 2018-03-12 22:29 - 000006006 _____ C:\Users\Natálka\Desktop\zoek-results.txt
2018-03-12 22:25 - 2018-03-12 22:25 - 000000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2018-03-12 22:19 - 2018-03-12 22:15 - 000024064 _____ C:\Windows\zoek-delete.exe
2018-03-12 22:15 - 2018-03-12 22:15 - 000000000 ____D C:\zoek_backup
2018-03-12 21:33 - 2018-03-12 21:33 - 000002850 _____ C:\Users\Natálka\Desktop\rk.txt
2018-03-12 20:47 - 2018-03-12 21:33 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-12 20:47 - 2018-03-12 20:47 - 000000862 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-12 20:47 - 2018-03-12 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-12 20:44 - 2018-03-12 20:46 - 036485480 _____ (Adlice Software ) C:\Users\Natálka\Desktop\setup.exe
2018-03-12 18:12 - 2018-03-12 18:12 - 000000000 ____D C:\ProgramData\Sophos
2018-03-12 18:11 - 2018-03-12 18:11 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2018-03-12 18:11 - 2018-03-12 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2018-03-12 18:11 - 2018-03-12 18:11 - 000000000 ____D C:\Program Files (x86)\Sophos
2018-03-12 18:05 - 2018-03-12 18:05 - 000001867 _____ C:\Users\Natálka\Desktop\JRT.txt
2018-03-12 17:16 - 2018-03-12 17:16 - 000000000 ____D C:\Users\Natálka\Desktop\TCPView
2018-03-12 12:47 - 2018-03-12 12:47 - 000001198 _____ C:\Users\Natálka\Desktop\mLo.txt
2018-03-12 10:36 - 2018-03-12 10:36 - 008222496 _____ (Malwarebytes) C:\Users\Natálka\Desktop\AdwCleaner.exe
2018-03-12 08:40 - 2018-03-12 08:40 - 006625600 _____ (Zemana Ltd. ) C:\Users\Natálka\Desktop\Zemana.AntiMalware.Setup.exe
2018-03-12 08:40 - 2018-03-12 08:40 - 001168896 _____ C:\Users\Natálka\Desktop\zoek.exe
2018-03-12 08:39 - 2018-03-12 08:44 - 193947136 _____ (Sophos Limited) C:\Users\Natálka\Desktop\Sophos Virus Removal Tool.exe
2018-03-11 13:18 - 2018-03-11 13:18 - 000388608 _____ (Trend Micro Inc.) C:\Users\Natálka\Downloads\HijackThis.exe
2018-03-11 11:42 - 2018-03-11 11:42 - 000000000 _____ C:\Windows\SysWOW64\config.nt
2018-03-11 11:35 - 2018-03-11 11:35 - 000326144 _____ (AVAST Software) C:\Users\Natálka\Downloads\aswclear.exe
2018-03-11 08:26 - 2018-03-11 08:26 - 000002259 _____ C:\Windows\epplauncher.mif
2018-03-11 08:22 - 2018-03-11 08:23 - 015085248 _____ (Microsoft Corporation) C:\Users\Natálka\Downloads\mseinstall.exe
2018-03-06 18:18 - 2018-03-06 18:20 - 173009582 _____ C:\Users\Natálka\Downloads\First Aid 4 Souls _Selected Ambient Works 5_Angelfield_2018.rar
2018-02-28 07:35 - 2018-02-28 07:36 - 003096761 _____ C:\Users\Natálka\Downloads\u.zip
2018-02-26 19:11 - 2018-02-26 19:18 - 304255054 _____ C:\Users\Natálka\Downloads\FLUILIQUID MIXECM-I.C.H. Beatbuster-Deep HouseChilloutLoungeLatinHouseSpace SoundRockDub.wav
2018-02-26 18:38 - 2018-02-26 18:40 - 066629710 _____ C:\Users\Natálka\Downloads\Marc Romboy Stephan Bodzin - Atlas (Adriatique Remix).wav
2018-02-26 18:31 - 2018-02-26 18:34 - 098607182 _____ C:\Users\Natálka\Downloads\Adriatique - Soul Valley (Original Mix).wav
2018-02-26 18:24 - 2018-02-26 18:28 - 072679502 _____ C:\Users\Natálka\Downloads\Marianto - Simple World (Thodoris Triantafillou CJ Jeff Remix).wav
2018-02-26 09:42 - 2018-02-26 09:43 - 065171534 _____ C:\Users\Natálka\Downloads\Klanglos - Hard Times.wav
2018-02-26 08:38 - 2018-02-26 08:39 - 064356402 _____ C:\Users\Natálka\Downloads\127147-2074716.zip
2018-02-19 20:23 - 2018-02-19 20:23 - 000000021 _____ C:\Users\Natálka\Documents\michal mail.txt
2018-02-19 19:48 - 2018-02-19 19:49 - 000441294 _____ C:\Windows\system32\Drivers\vsconfig.xml
2018-02-19 19:48 - 2018-02-19 19:48 - 000000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2018-02-19 19:48 - 2018-02-19 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2018-02-19 19:45 - 2018-02-19 19:48 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2018-02-19 19:45 - 2018-02-19 19:45 - 000000000 ____D C:\ProgramData\CheckPoint
2018-02-19 19:04 - 2018-02-19 19:04 - 000000000 ____D C:\ProgramData\Avira Operations Gmbh & Co. KG
2018-02-19 17:16 - 2018-03-12 20:47 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-02-19 17:15 - 2018-02-19 17:21 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-19 17:06 - 2018-02-19 17:06 - 000448512 _____ (OldTimer Tools) C:\Users\Natálka\Desktop\TFC.exe
2018-02-19 17:00 - 2018-02-19 17:02 - 026953288 _____ (Adlice Software) C:\Users\Natálka\Desktop\RogueKiller_portable64.exe
2018-02-19 17:00 - 2018-02-19 17:01 - 001790024 _____ (Malwarebytes) C:\Users\Natálka\Downloads\JRT (1).exe
2018-02-19 16:59 - 2018-02-19 17:11 - 192006648 _____ (Sophos Limited) C:\Users\Natálka\Downloads\Sophos Virus Removal Tool (1).exe
2018-02-19 16:59 - 2018-02-19 16:59 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-02-19 16:59 - 2018-02-19 16:59 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-02-19 16:58 - 2018-02-01 18:33 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2018-02-19 16:58 - 2018-02-01 18:33 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2018-02-19 16:58 - 2018-02-01 18:33 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2018-02-19 16:58 - 2018-02-01 18:33 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2018-02-19 16:58 - 2018-02-01 18:33 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2018-02-19 16:58 - 2018-02-01 18:33 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2018-02-19 16:57 - 2018-02-19 16:57 - 000050688 _____ (Atribune.org) C:\Users\Natálka\Desktop\ATF-Cleaner.exe
2018-02-19 16:52 - 2018-02-19 16:52 - 005105672 _____ (Check Point Software Technologies Ltd.) C:\Users\Natálka\Desktop\zafwSetupWeb_151_522_17528.exe
2018-02-19 16:50 - 2018-02-19 19:04 - 000000000 ____D C:\Windows\System32\Tasks\Avira
2018-02-19 16:44 - 2018-03-11 08:29 - 000000000 ____D C:\Program Files (x86)\Avira
2018-02-19 16:44 - 2018-02-22 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-02-19 16:44 - 2018-02-22 22:09 - 000000000 ____D C:\ProgramData\Avira
2018-02-19 16:44 - 2018-02-19 16:44 - 000001198 _____ C:\Users\Public\Desktop\Avira.lnk
2018-02-19 16:43 - 2018-02-19 16:43 - 005571896 _____ (Avira Operations GmbH & Co. KG) C:\Users\Natálka\Downloads\avira_en_fass0_5a8af08b064ea__ws.exe
2018-02-15 17:03 - 2018-02-15 17:09 - 000000000 ____D C:\Users\Natálka\Downloads\Label - Involve Records [2012 - 2017]
2018-02-15 15:40 - 2018-02-15 15:43 - 000000000 ____D C:\Users\Natálka\Downloads\Boston 168 [2015 - 2018]
2018-02-15 15:07 - 2018-02-15 15:26 - 000000000 ____D C:\Users\Natálka\Downloads\VA - Rewired (2006) - lossless
2018-02-15 14:58 - 2018-02-15 14:58 - 000000000 ____D C:\Users\Natálka\Downloads\Cyberkrist_And_Equilium_-_Crossworld-Vinyl-1998-UPE
2018-02-15 14:36 - 2018-02-15 14:36 - 000000000 ____D C:\Users\Natálka\Downloads\Eco - 2 винила
2018-02-15 14:34 - 2018-02-15 14:34 - 000000000 ____D C:\Users\Natálka\Downloads\VA_-_Future_Psychedelia-1996-FLAC
2018-02-14 17:39 - 2018-02-14 17:39 - 005514616 _____ (COMODO) C:\Users\Natálka\Downloads\cfw_installer_6106_53.exe
2018-02-14 16:58 - 2018-02-01 20:41 - 000027680 _____ (PDF Complete, Inc.) C:\Windows\system32\pdfc_port.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-13 09:29 - 2013-12-27 17:06 - 000001060 _____ C:\Windows\SysWOW64\bscs.ini
2018-03-13 09:26 - 2012-09-09 06:14 - 000000000 ____D C:\ProgramData\PDFC
2018-03-13 09:24 - 2012-07-26 08:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-13 09:12 - 2013-12-24 23:05 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-761467974-795524095-2576382021-1002
2018-03-12 22:33 - 2013-12-24 22:58 - 000000000 ____D C:\Users\Natálka
2018-03-12 18:11 - 2017-11-24 14:11 - 000004052 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1506745797
2018-03-12 18:11 - 2017-09-30 05:30 - 000001323 _____ C:\Users\Natálka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2018-03-12 18:08 - 2012-07-26 06:37 - 000000000 ____D C:\Windows\Inf
2018-03-12 17:16 - 2017-03-17 18:11 - 000000000 ___RD C:\Users\Natálka\OneDrive
2018-03-12 13:41 - 2012-09-09 06:46 - 000219278 _____ C:\Windows\system32\perfh005.dat
2018-03-12 13:41 - 2012-09-09 06:46 - 000073452 _____ C:\Windows\system32\perfc005.dat
2018-03-12 13:41 - 2012-07-26 08:28 - 000285112 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-12 10:58 - 2016-03-24 18:03 - 000000000 ____D C:\AdwCleaner
2018-03-12 09:47 - 2017-06-30 12:40 - 000000000 ____D C:\Users\Natálka\AppData\LocalLow\Mozilla
2018-03-11 10:00 - 2016-04-02 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2018-03-11 09:55 - 2016-05-07 13:58 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-11 09:46 - 2014-04-30 13:01 - 000000000 ____D C:\Windows\Minidump
2018-03-11 09:33 - 2012-07-26 06:26 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-03-11 07:53 - 2017-03-01 20:21 - 000000352 _____ C:\Windows\Tasks\HPCeeScheduleForNatálka.job
2018-03-10 18:04 - 2017-03-01 20:21 - 000003170 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNatálka
2018-03-01 21:16 - 2012-07-26 09:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-01 21:16 - 2012-07-26 09:12 - 000000000 ____D C:\Windows\AUInstallAgent
2018-02-28 02:17 - 2017-10-23 10:49 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-21 07:17 - 2013-12-24 23:53 - 000007633 _____ C:\Users\Natálka\AppData\Local\resmon.resmoncfg
2018-02-20 17:21 - 2012-07-26 09:12 - 000000000 ____D C:\Windows\rescache
2018-02-20 07:23 - 2013-12-26 00:12 - 000000000 ____D C:\Windows\system32\MRT
2018-02-20 07:12 - 2017-10-11 04:33 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-02-20 07:11 - 2013-12-26 00:12 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-02-19 19:00 - 2016-04-02 17:45 - 000000000 ____D C:\ProgramData\Comodo
2018-02-19 18:35 - 2017-05-18 19:04 - 000000000 ____D C:\Users\Natálka\AppData\Roaming\Foxit Software
2018-02-19 18:33 - 2017-05-18 19:04 - 000000000 ____D C:\ProgramData\Foxit Software
2018-02-19 18:31 - 2016-04-10 11:05 - 000000000 ____D C:\Users\Natálka\AppData\Roaming\Comodo
2018-02-19 17:29 - 2016-02-23 12:40 - 000512152 _____ C:\Windows\system32\FNTCACHE.DAT
2018-02-19 16:37 - 2017-06-30 11:34 - 000000000 ____D C:\Users\Natálka\AppData\Roaming\AVAST Software
2018-02-19 16:37 - 2013-12-24 23:08 - 000000000 ____D C:\ProgramData\AVAST Software
2018-02-19 15:23 - 2012-07-26 08:59 - 000000000 ____D C:\Windows\CbsTemp
2018-02-14 18:13 - 2012-07-26 09:12 - 000000000 ____D C:\Windows\system32\NDF
2018-02-14 16:58 - 2016-09-21 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2018-02-14 16:58 - 2012-09-09 06:14 - 000000000 ____D C:\Program Files (x86)\PDF Complete
2018-02-14 00:25 - 2016-11-04 23:06 - 000000000 ____D C:\Users\Natálka\AppData\Roaming\vlc
2018-02-13 18:18 - 2016-10-04 14:32 - 000000000 ____D C:\Users\Natálka\AppData\Roaming\DAEMON Tools Lite

==================== Files in the root of some directories =======

2017-06-04 14:46 - 2017-06-04 14:46 - 000003584 _____ () C:\Users\Natálka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-17 20:45 - 2016-04-17 20:46 - 000000026 _____ () C:\Users\Natálka\AppData\Local\isoworkshop.ini
2013-12-24 23:53 - 2018-02-21 07:17 - 000007633 _____ () C:\Users\Natálka\AppData\Local\resmon.resmoncfg
2016-05-16 19:56 - 2016-05-16 19:56 - 000010255 _____ () C:\Users\Natálka\AppData\Local\WiDiSetupLog.20160516.205601.txt
2016-05-16 20:00 - 2016-05-16 20:00 - 000010694 _____ () C:\Users\Natálka\AppData\Local\WiDiSetupLog.20160516.210014.txt
2014-12-21 19:08 - 2014-12-21 19:08 - 000000000 _____ () C:\Users\Natálka\AppData\Local\{2ACD436E-74CD-45C2-8129-00C69212AB03}

Some files in TEMP:
====================
2018-03-13 09:28 - 2018-03-13 09:28 - 002153984 _____ (Opera Software) C:\Users\Natálka\AppData\Local\Temp\Opera_installer_180313082844846.dll
2018-03-13 09:30 - 2018-03-13 09:30 - 002153984 _____ (Opera Software) C:\Users\Natálka\AppData\Local\Temp\Opera_installer_180313083003726.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-12 09:39

==================== End of FRST.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 13 Mar 2018 17:58

win+r - ComboFix/Uninstall found nothing, it is not on C:\

Did you use OTC?

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
Keep only Avira; turn off the resident protection in the others.

C:\Program Files\COMODO\COMODO Internet Security --- what is that doing there?
Try uninstalling it with Revo Uninstaller free.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code: Select all

Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {F5D43C20-B3E1-4A6D-B12B-18C6FA937B23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)
Task: C:\Windows\Tasks\7666729e-af2d-4a5d-b80a-3fbc26dbabf3.job => C:\Program Files (x86)\HD-V1.9\7666729e-af2d-4a5d-b80a-3fbc26dbabf3.exeǾ/agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=5302A0BCBFAE42D89E61A4D0FBEEA0DEIE /verifier=7d8dab257f7d0305ffceffed62be2838 /installerversion=1_34_08_12 /installationtime=1408807585 /statsdomain=hxxp:/stats.inputgenserv.com /errorsdomain=hxxp:/errors.inputgenserv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.inputgenserv.com <==== ATTENTION
Task: C:\Windows\Tasks\a2698f4b-c4ac-4a42-bbaf-a84fe3f288b8.job => C:\Program Files (x86)\HD-V1.9\a2698f4b-c4ac-4a42-bbaf-a84fe3f288b8.exe <==== ATTENTION
Task: C:\Windows\Tasks\c3a11c58-3609-498f-a0a1-6bd3c2410bb4.job => C:\Program Files (x86)\HD-V1.9\c79a7363-58ba-4928-9c54-ce7f50adbb58-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\RHAOLU.job => C:\Users\Natlka\AppData\Roaming\RHAOLU.exe <==== ATTENTION
Task: C:\Windows\Tasks\RUQOG.job => C:\Users\Natlka\AppData\Roaming\RUQOG.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
HKU\S-1-5-21-761467974-795524095-2576382021-1002\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\MountPoints2: {7527eedc-28d8-11e6-bf61-b4b52f7cd1f6} - "H:\Setup.exe"
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\MountPoints2: {c28198b1-c6d5-11e6-bf84-b4b52f7cd1f6} - "E:\WD SmartWare.exe" autoplay=true
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {4B8F42B0-D65B-4B88-AA96-070A40C69E2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {C9F45261-B24D-48BB-A215-E1FFD62D0BFE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13014
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S0 cjxtpv; no ImagePath
S0 vhjrap; no ImagePath
S0 ysyfer; no ImagePath
U3 iswSvc; no ImagePath
C:\32788R22FWJFW
C:\Users\Natálka\Downloads\ComboFix.exe
C:\Users\Natálka\AppData\Local\{2ACD436E-74CD-45C2-8129-00C69212AB03}

EmptyTemp:
End

(You can use the "select all" function, right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

In Folder Options, enable showing hidden files and folders + uncheck the box "Hide protected operating system files".

Test this on Virustotal
C:\Windows\system32\DRIVERS\cmdatp.sys

Click Select to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to this page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

malus
newbie
Posts: 15
Registered: March 18
Gender: Not specified
Status:
Offline

Re: Please check my log

Post by malus » 13 Mar 2018 19:50

Hello . . I did use OTC.
Comodo is apparently a leftover. However, when I look in Program Files, I don't see that folder there. I'll try Revo Uninstaller.

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by Natálka (13-03-2018 19:35:55) Run:1
Running from C:\Users\Natálka\Desktop
Loaded Profiles: Natálka (Available Profiles: Natálka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {F5D43C20-B3E1-4A6D-B12B-18C6FA937B23} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-23] (Google Inc.)
Task: C:\Windows\Tasks\7666729e-af2d-4a5d-b80a-3fbc26dbabf3.job => C:\Program Files (x86)\HD-V1.9\7666729e-af2d-4a5d-b80a-3fbc26dbabf3.exeÇľ/agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=5302A0BCBFAE42D89E61A4D0FBEEA0DEIE /verifier=7d8dab257f7d0305ffceffed62be2838 /installerversion=1_34_08_12 /installationtime=1408807585 /statsdomain=hxxp:/stats.inputgenserv.com /errorsdomain=hxxp:/errors.inputgenserv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.inputgenserv.com <==== ATTENTION
Task: C:\Windows\Tasks\a2698f4b-c4ac-4a42-bbaf-a84fe3f288b8.job => C:\Program Files (x86)\HD-V1.9\a2698f4b-c4ac-4a42-bbaf-a84fe3f288b8.exe <==== ATTENTION
Task: C:\Windows\Tasks\c3a11c58-3609-498f-a0a1-6bd3c2410bb4.job => C:\Program Files (x86)\HD-V1.9\c79a7363-58ba-4928-9c54-ce7f50adbb58-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\RHAOLU.job => C:\Users\Natlka\AppData\Roaming\RHAOLU.exe <==== ATTENTION
Task: C:\Windows\Tasks\RUQOG.job => C:\Users\Natlka\AppData\Roaming\RUQOG.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [118]
HKU\S-1-5-21-761467974-795524095-2576382021-1002\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\MountPoints2: {7527eedc-28d8-11e6-bf61-b4b52f7cd1f6} - "H:\Setup.exe"
HKU\S-1-5-21-761467974-795524095-2576382021-1002\...\MountPoints2: {c28198b1-c6d5-11e6-bf84-b4b52f7cd1f6} - "E:\WD SmartWare.exe" autoplay=true
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {4B8F42B0-D65B-4B88-AA96-070A40C69E2E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-761467974-795524095-2576382021-1002 -> {C9F45261-B24D-48BB-A215-E1FFD62D0BFE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13014
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S0 cjxtpv; no ImagePath
S0 vhjrap; no ImagePath
S0 ysyfer; no ImagePath
U3 iswSvc; no ImagePath
C:\32788R22FWJFW
C:\Users\Natálka\Downloads\ComboFix.exe
C:\Users\Natálka\AppData\Local\{2ACD436E-74CD-45C2-8129-00C69212AB03}

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5D43C20-B3E1-4A6D-B12B-18C6FA937B23}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5D43C20-B3E1-4A6D-B12B-18C6FA937B23}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\Windows\Tasks\7666729e-af2d-4a5d-b80a-3fbc26dbabf3.job => moved successfully
C:\Windows\Tasks\a2698f4b-c4ac-4a42-bbaf-a84fe3f288b8.job => moved successfully
C:\Windows\Tasks\c3a11c58-3609-498f-a0a1-6bd3c2410bb4.job => moved successfully
C:\Windows\Tasks\RHAOLU.job => moved successfully
C:\Windows\Tasks\RUQOG.job => moved successfully
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully
"HKU\S-1-5-21-761467974-795524095-2576382021-1002\Software\Classes\regfile" => removed successfully
"HKU\S-1-5-21-761467974-795524095-2576382021-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7527eedc-28d8-11e6-bf61-b4b52f7cd1f6}" => removed successfully
HKLM\Software\Classes\CLSID\{7527eedc-28d8-11e6-bf61-b4b52f7cd1f6} => not found
"HKU\S-1-5-21-761467974-795524095-2576382021-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c28198b1-c6d5-11e6-bf84-b4b52f7cd1f6}" => removed successfully
HKLM\Software\Classes\CLSID\{c28198b1-c6d5-11e6-bf84-b4b52f7cd1f6} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => removed successfully
HKLM\Software\Classes\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => not found
"HKU\S-1-5-21-761467974-795524095-2576382021-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8F42B0-D65B-4B88-AA96-070A40C69E2E}" => removed successfully
HKLM\Software\Classes\CLSID\{4B8F42B0-D65B-4B88-AA96-070A40C69E2E} => not found
"HKU\S-1-5-21-761467974-795524095-2576382021-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => removed successfully
HKLM\Software\Classes\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => not found
"HKU\S-1-5-21-761467974-795524095-2576382021-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9F45261-B24D-48BB-A215-E1FFD62D0BFE}" => removed successfully
HKLM\Software\Classes\CLSID\{C9F45261-B24D-48BB-A215-E1FFD62D0BFE} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => removed successfully
HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => removed successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\System\CurrentControlSet\Services\cjxtpv" => removed successfully
cjxtpv => service removed successfully
"HKLM\System\CurrentControlSet\Services\vhjrap" => removed successfully
vhjrap => service removed successfully
"HKLM\System\CurrentControlSet\Services\ysyfer" => removed successfully
ysyfer => service removed successfully
"HKLM\System\CurrentControlSet\Services\iswSvc" => removed successfully
iswSvc => service removed successfully
C:\32788R22FWJFW => moved successfully
C:\Users\Natálka\Downloads\ComboFix.exe => moved successfully
C:\Users\Natálka\AppData\Local\{2ACD436E-74CD-45C2-8129-00C69212AB03} => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45855468 B
Java, Flash, Steam htmlcache => 2065460 B
Windows/system/drivers => 91094 B
Edge => 0 B
Chrome => 17739408 B
Firefox => 1245184 B
Opera => 44574867 B

Temp, IE cache, history, cookies, recent:
Default => 10338 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10636 B
NetworkService => 0 B
Natálka => 8994848 B
zbyněk => 0 B

RecycleBin => 0 B
EmptyTemp: => 123 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:37:33 ====

malus
newbie
Posts: 15
Registered: March 18
Gender: Not specified
Status:
Offline

Re: Please check my log

Post by malus » 13 Mar 2018 20:02

I have nothing to test on VirusTotal, because the item cmdatp.sys does not exist at the given location.

Posted by jaro3 » 13 Mar 2018 20:20

It is hidden and belongs to Comodo; you probably won't find Comodo in Revo, so we'll finish removing it with a script.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
Task: {CEF9139B-2EAE-4FC2-BDF1-E631F76C0B74} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EOSNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthmodem.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dtliteusbbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netr28x.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\rtbth.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xusb22.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Desktop\JRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Downloads\aimp_4.01.1705.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Downloads\aimp_4.01.1705.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\11_47_68_81_495_CJ.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\267-2012 - o stanovení Indikačního seznamu pro lázeňskou léčebně rehabilitační péči o dospělé, děti a dorost.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\CV-Europass-20161031-Pohludka-CS (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\E-CV_cz (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\FP-spec_2006.doc:$CmdZnID [26]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
C:\Users\Natálka\AppData\Roaming\Comodo
C:\ProgramData\Comodo
C:\Program Files\COMODO

EmptyTemp:
End

(You can use the "select all" function; right-click in the top-left field of the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

Then write how the problems are.

Posted by malus » 13 Mar 2018 20:39

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by Natálka (13-03-2018 20:30:49) Run:2
Running from C:\Users\Natálka\Desktop
Loaded Profiles: Natálka (Available Profiles: Natálka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
Task: {CEF9139B-2EAE-4FC2-BDF1-E631F76C0B74} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EOSNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthmodem.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dtliteusbbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netr28x.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\rtbth.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\xusb22.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Desktop\JRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Downloads\aimp_4.01.1705.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Natálka\Downloads\aimp_4.01.1705.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\11_47_68_81_495_CJ.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\267-2012 - o stanovení Indikačního seznamu pro lázeňskou léčebně rehabilitační péči o dospělé, děti a dorost.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\CV-Europass-20161031-Pohludka-CS (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\E-CV_cz (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Natálka\Documents\FP-spec_2006.doc:$CmdZnID [26]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
C:\Users\Natálka\AppData\Roaming\Comodo
C:\ProgramData\Comodo
C:\Program Files\COMODO

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEF9139B-2EAE-4FC2-BDF1-E631F76C0B74}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEF9139B-2EAE-4FC2-BDF1-E631F76C0B74}" => removed successfully
C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => removed successfully
C:\Windows\system32\acmigration.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\aeinv.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\aepic.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\appraiser.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\centel.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\CompatTelRunner.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\devinv.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\EOSNotify.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\generaltel.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\invagent.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\MpSigStub.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\pcadm.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\pcaevts.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\pcalua.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\pcasvc.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\sppobjs.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\sppsvc.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\sppwinob.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\WdfCoInstaller01009.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\WinUSBCoInstaller2.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\WpdMtp.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\WpdMtpUS.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\FlashPlayerApp.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\FlashPlayerInstaller.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\bthmodem.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\dtlitescsibus.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\dtliteusbbus.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\netr28x.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\rtbth.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\wdcsam64.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\winusb.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\xusb22.sys => ":$CmdTcID" ADS removed successfully
C:\Users\Natálka\Desktop\JRT.exe => ":$CmdTcID" ADS removed successfully
C:\Users\Natálka\Desktop\JRT.exe => ":$CmdZnID" ADS removed successfully
C:\Users\Natálka\Downloads\aimp_4.01.1705.exe => ":$CmdTcID" ADS removed successfully
C:\Users\Natálka\Downloads\aimp_4.01.1705.exe => ":$CmdZnID" ADS removed successfully
C:\Users\Natálka\Documents\11_47_68_81_495_CJ.xls => ":$CmdZnID" ADS removed successfully
C:\Users\Natálka\Documents\267-2012 - o stanovení Indikačního seznamu pro lázeňskou léčebně rehabilitační péči o dospělé, děti a dorost.pdf => ":$CmdZnID" ADS removed successfully
C:\Users\Natálka\Documents\CV-Europass-20161031-Pohludka-CS (1).pdf => ":$CmdZnID" ADS removed successfully
C:\Users\Natálka\Documents\E-CV_cz (1).doc => ":$CmdZnID" ADS removed successfully
C:\Users\Natálka\Documents\FP-spec_2006.doc => ":$CmdZnID" ADS removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3 => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => not found
"HKLM\System\CurrentControlSet\Services\ATP" => removed successfully
ATP => service removed successfully
C:\Users\Natálka\AppData\Roaming\Comodo => moved successfully
C:\ProgramData\Comodo => moved successfully
"C:\Program Files\COMODO" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6362727 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3544 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 25989682 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 4910 B
NetworkService => 0 B
Natálka => 8742425 B
zbyněk => 0 B

RecycleBin => 0 B
EmptyTemp: => 47.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:31:21 ====

Posted by malus » 13 Mar 2018 20:47

The basic problem, i.e. the blank window launching without my initiating it, has not recurred since yesterday. The system runs smoothly, and the slowdown or stuttering when I connected to the network has stopped.
Startup is slightly snappier.

Posted by jaro3 » 13 Mar 2018 22:09

Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to the desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7 and 8, you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

The report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located at:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

If there are no problems, that is all and you can mark the thread as solved (the green check mark).

Posted by malus » 14 Mar 2018 06:58

There are no problems. Thank you, jaro3. Hats off.

Deletion
# DelFix v1.013 - Logfile created 14/03/2018 at 06:52:45
# Updated 17/04/2016 by Xplode
# Username : Natálka - ASANA
# Operating System : Windows 8 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Natálka\Desktop\Addition.txt
Deleted : C:\Users\Natálka\Desktop\AdwCleaner.exe
Deleted : C:\Users\Natálka\Desktop\Fixlog.txt
Deleted : C:\Users\Natálka\Desktop\FRST.txt
Deleted : C:\Users\Natálka\Desktop\FRST64.exe
Deleted : C:\Users\Natálka\Desktop\JRT.exe
Deleted : C:\Users\Natálka\Desktop\JRT.txt
Deleted : C:\Users\Natálka\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\Natálka\Desktop\TFC.exe
Deleted : C:\Users\Natálka\Desktop\zoek-results.txt
Deleted : C:\Users\Natálka\Desktop\zoek.exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\Natálka\Downloads\JRT (1).exe
Deleted : C:\Users\Natálka\Downloads\HijackThis.exe
Deleted : C:\Users\Natálka\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Cleaning system restore ...

Deleted : RP #169 [Removed Avira Safe Shopping | 02/22/2018 21:10:02]
Deleted : RP #170 [Naplánovaný kontrolní bod | 03/03/2018 04:48:19]
Deleted : RP #171 [Odebráno: Microsoft Visual C++ 2005 Redistributable (x64) | 03/11/2018 07:27:45]
Deleted : RP #172 [JRT Pre-Junkware Removal | 03/12/2018 17:00:31]

New restore point created !

########## - EOF - ##########

