Please check my log [Solved]



Re: Please check my log

Post by stomas » 17 Sep 2017 18:45

For some reason Zoek did not complete. I tried twice and it always stopped at the same place, "Firefox extensions". Its window could not be closed; it kept reporting that the program was running. So I ran Zemana AntiMalware.

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.9.17
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
BIOS Mode : Legacy
CUID : 123FE5B4746A413167C667
Scan Type : Skenování systému
Duration : 1m 2s
Scanned Objects : 166579
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

wrc@avast.com
Status : Skenováno
Object : %appdata%\mozilla\firefox\profiles\0ypjyitu.default-1505462904125\extensions\wrc@avast.com.xpi
MD5 : B783F45D3E264115E541989FE1BECDE4
Publisher : -
Size : 706895
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - wrc@avast.com
Soubor - %appdata%\mozilla\firefox\profiles\0ypjyitu.default-1505462904125\extensions\wrc@avast.com.xpi


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0
Last edited by stomas on 17 Sep 2017 18:55, edited 1 time in total.


Re: Please check my log

Post by stomas » 17 Sep 2017 18:51

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:50:10, on 17.9.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18500)

FIREFOX: 55.0.3 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Users\Tomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\TREZOR Bridge\trezord.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Users\Tomas\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\mshta.exe
C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
C:\Program Files (x86)\LG Software\LG Smart Share\DMC\Aggregation.exe
C:\Users\Tomas\AppData\Local\Temp\PEVZ.EXE
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\Tomas\Desktop\pc-help-malw-problem\0_log_HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJBE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-700 Series"
O4 - HKCU\..\Run: [AIMP3] C:\Program Files (x86)\AIMP3\AIMP3.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Tomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: TREZOR Bridge.lnk = C:\Program Files (x86)\TREZOR Bridge\trezord.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 13129 bytes


Re: Please check my log

Post by jaro3 (Security team member) » 17 Sep 2017 20:32

Run zoek in Safe Mode.

Close all other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)


Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to your desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7 and 8 you must right-click the file -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools (Odstranění dezinfekčních nástrojů) and Purge System Restore (Vyčistit body obnovy).
Then click the Run button and let the tool do its work.

Afterwards the report opens (DelFix.txt). Paste the entire contents of the report here. Otherwise the report is at:
C:\DelFix.txt

Are there any problems?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
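As an added example (not code from this thread or from the forum's own tooling), the following Python script parses HijackThis 2.0.5 lines of the kind listed for fixing above and groups them by review flag. The flagging rules (empty IE values, hosts entries, the UserInit line, leftover RunOnce entries under service accounts, "(file missing)" loaders) are this example's own assumptions, not the reviewer's criteria; it also separates "(file missing)" services under C:\Windows\system32, which on 64-bit Windows are usually an artifact of the 32-bit HijackThis seeing the WOW64 redirected directory.

```python
"""HijackThis log triage helper (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Every HJT finding has the shape "<section code> - <body>", e.g.
# "O23 - Service: Fax (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)"
_ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")

# HijackThis 2.0.5 is a 32-bit program; on 64-bit Windows its view of
# C:\Windows\system32 is redirected to SysWOW64, so a service binary that only
# exists in the real system32 (lsass.exe, spoolsv.exe, ...) shows as "(file missing)".
_WOW64_DIR = re.compile(r"C:\\Windows\\system32\\", re.IGNORECASE)


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)

    @property
    def line(self) -> str:
        return f"{self.code} - {self.body}"


def classify(code: str, body: str) -> List[str]:
    """Assign review flags to one HJT finding (rules are this example's own)."""
    flags = []
    if code in ("R0", "R1") and body.rstrip().endswith("="):
        flags.append("empty-value")          # IE setting with nothing after '='
    if code == "O1":
        flags.append("hosts-entry")          # hosts-file mapping, always review
    if code == "F2" and "UserInit=" in body:
        flags.append("userinit")             # must be userinit.exe only; check for appended commands
    if code == "O4" and "RunOnce" in body and body.startswith("HKUS\\"):
        flags.append("stale-runonce")        # leftover RunOnce under service/default accounts
    if "(file missing)" in body:
        if code == "O23" and _WOW64_DIR.search(body):
            flags.append("file-missing-wow64")   # probably a redirection artifact, low priority
        else:
            flags.append("file-missing")         # orphaned loader/notify entry
    return flags


def parse(log_text: str) -> List[Entry]:
    """Turn the raw log into Entry objects; non-finding lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if m:
            code, body = m.group("code"), m.group("body")
            entries.append(Entry(code, body, classify(code, body)))
    return entries


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group flagged findings by flag; unflagged entries are dropped."""
    report: Dict[str, List[str]] = {}
    for e in parse(log_text):
        for f in e.flags:
            report.setdefault(f, []).append(e.line)
    return report


# Constructed sample: a few lines in the HJT 2.0.5 format, including harmless ones.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.5
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

if __name__ == "__main__":
    for flag, lines in sorted(triage(SAMPLE).items()):
        print(f"[{flag}]")
        for line in lines:
            print("   ", line)
```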


Re: Please check my log

Post by stomas » 17 Sep 2017 21:39

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Tomas on ne 17.09.2017 at 21:28:28,96.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\Tomas\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2017-09-17-082518.log 3556 bytes
C:\zoek-results2017-09-17-102603.log 2441 bytes
C:\zoek-results2017-09-17-185901.log 2664 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\jetpack deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2017-09-17 16:38:22 8563D6EAB71FB6DDE6EF6A21D325EDF8 17106 ----a-w- C:\Windows\ZAM_Guard.krnl.trace
2017-09-17 16:38:22 05CD0E75FCA0D1D3DE211BB4D21D7942 44487 ----a-w- C:\Windows\ZAM.krnl.trace
2017-09-16 18:57:34 3821A599E06206ADF869FE3962238E7E 684987749 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\Tomas\AppData\Local\Temp ====
2017-09-16 20:07:17 E476C3567D767A1D62B2A91F1CED8697 1732864 ----a-w- C:\Users\Tomas\AppData\Local\Temp\dllnt_dump.dll
2017-09-16 19:07:28 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Tomas\AppData\Local\Temp\jrt\nfo\nircmdc.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2017-09-08 20:04:29 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\SysWOW64\last.dump
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2017-09-17 16:38:17 21E13F2CB269DEFEAE5E1D09887D47BB 203680 ----a-w- C:\Windows\Sysnative\drivers\zamguard64.sys
2017-09-17 16:38:17 21E13F2CB269DEFEAE5E1D09887D47BB 203680 ----a-w- C:\Windows\Sysnative\drivers\zam64.sys
2017-09-16 20:07:55 0D5A09B08568760AE85A801FCBC0F83D 28272 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
====== C:\Windows\Tasks ======
2017-09-17 16:49:58 6BA9EEA9AAE9D72ED1C54FCDADA8905B 3216 ----a-w- C:\Windows\Sysnative\Tasks\{CBC42554-8394-4B0D-9872-57784349DD85}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2017-09-17 16:38:16 -------- d-----w- C:\PROGRA~2\Zemana AntiMalware
2017-09-16 19:19:51 -------- d-----w- C:\PROGRA~2\Sophos
2017-09-01 14:30:23 -------- d-----w- C:\PROGRA~2\TREZOR Bridge
======= C: =====
2017-09-15 07:16:56 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Tomas\AppData\Roaming ======
2017-09-17 16:38:17 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Zemana
2017-09-17 16:37:47 -------- d-----w- C:\Users\Tomas\AppData\Local\Zemana
2017-09-16 19:00:00 -------- d-----w- C:\Users\Tomas\AppData\Local\Apple
2017-09-16 18:53:55 -------- d-----w- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-15 19:17:59 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps
2017-09-10 14:16:13 -------- d-----w- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2017-09-01 14:30:29 -------- d-----w- C:\Users\Tomas\AppData\Roaming\TREZOR Bridge
2017-09-01 14:30:24 -------- d-----w- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TREZOR Bridge
====== C:\Users\Tomas ======
2017-09-17 16:38:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-17 16:37:25 819104D9E5C269038EC23A7408D47AF4 6625600 ----a-w- C:\Users\Tomas\Desktop\Zemana.AntiMalware.Setup.exe
2017-09-17 16:37:02 819104D9E5C269038EC23A7408D47AF4 6625600 ----a-w- C:\Users\Tomas\Downloads\Zemana.AntiMalware.Setup.exe
2017-09-16 20:07:12 -------- d-----w- C:\ProgramData\RogueKiller
2017-09-16 19:25:15 63D563551761A98B034DBDB305AE9BC4 26685000 ----a-w- C:\Users\Tomas\Downloads\RogueKiller_portable64.exe
2017-09-16 19:24:15 AA1F6EE0F9111DB7038D78F7348BFD73 22313544 ----a-w- C:\Users\Tomas\Downloads\RogueKiller_portable32.exe
2017-09-16 19:20:12 -------- d-----w- C:\ProgramData\Sophos
2017-09-16 19:19:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-09-16 19:18:38 B33A5D3351386D4C13CE5306FC4D06A0 176602304 ----a-w- C:\Users\Tomas\Downloads\Sophos Virus Removal Tool.exe
2017-09-16 19:07:18 E40542C4CC75E658A4615BFEFB308570 1790024 ----a-w- C:\Users\Tomas\Downloads\JRT(1).exe
2017-09-16 19:06:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Tomas\Downloads\JRT.exe
2017-09-15 07:16:30 -------- d-----w- C:\Users\Tomas\Start Menu

====== C: exe-files ==
2017-09-17 16:38:16 8888AC05C53B020C0C00F73B0C40C874 1201505 ----a-w- C:\Program Files (x86)\Zemana AntiMalware\unins000.exe
2017-09-17 16:38:16 864FA7B8856FE853D381045771DB30E9 15775888 ----a-w- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
2017-09-17 16:37:25 819104D9E5C269038EC23A7408D47AF4 6625600 ----a-w- C:\Users\Tomas\Desktop\Zemana.AntiMalware.Setup.exe
2017-09-17 16:37:02 819104D9E5C269038EC23A7408D47AF4 6625600 ----a-w- C:\Users\Tomas\Downloads\Zemana.AntiMalware.Setup.exe
2017-09-16 19:25:15 63D563551761A98B034DBDB305AE9BC4 26685000 ----a-w- C:\Users\Tomas\Downloads\RogueKiller_portable64.exe
2017-09-16 19:24:15 AA1F6EE0F9111DB7038D78F7348BFD73 22313544 ----a-w- C:\Users\Tomas\Downloads\RogueKiller_portable32.exe
2017-09-16 19:18:38 B33A5D3351386D4C13CE5306FC4D06A0 176602304 ----a-w- C:\Users\Tomas\Downloads\Sophos Virus Removal Tool.exe
2017-09-16 19:07:28 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Tomas\AppData\Local\Temp\jrt\nfo\nircmdc.exe
2017-09-16 19:07:18 E40542C4CC75E658A4615BFEFB308570 1790024 ----a-w- C:\Users\Tomas\Downloads\JRT(1).exe
2017-09-16 19:06:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Tomas\Downloads\JRT.exe
2017-09-16 18:53:53 CA8AF51C4B1822D6C4BFA0F513DC9ECF 49992 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_amd64\dbxsvc.exe
2017-09-16 18:53:53 89AC63DE4CD67447983698388C71B7E4 43336 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_x86\dbxsvc.exe
2017-09-16 18:53:53 735629337BA6373C290155227126AF55 3487032 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
2017-09-16 18:53:53 3DD7019611BD5FE8DFAE1E012D6CC4BE 174144 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
2017-09-16 18:53:34 C7616F01770FADBB1528D418A71149CB 79015472 ----a-w- C:\Users\Tomas\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\34.4.22\DropboxClient_34.4.22.exe
2017-09-15 19:39:14 821743970DD4E4982418509068816151 7528488 ----a-w- C:\Users\Tomas\Desktop\pc-help-malw-problem\1_ATF-Cleaner.exe
2017-09-15 19:39:14 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Tomas\Desktop\pc-help-malw-problem\2_TFC.exe
2017-09-15 19:39:14 71D88D9664A12A2A08D0AB71F9CBEC19 8182736 ----a-w- C:\Users\Tomas\Desktop\pc-help-malw-problem\3_adwcleaner_7.0.2.1.exe
=== C: other files ==
2017-09-17 18:59:09 906D7ABAB69D081E03EA6BD612B442E0 7811 ----a-w- C:\Users\Tomas\AppData\Local\Temp\xpi\tmp.zip
2017-09-17 17:42:41 6BF9C80582FBB50173B771EF0E77EA5C 14814 ----a-w- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\extensions\setpoint-lt@addon-id.com.xpi
2017-09-17 17:42:40 6BF9C80582FBB50173B771EF0E77EA5C 14814 ----a-w- C:\Users\Tomas\AppData\Local\Temp\tmp-sma.xpi
2017-09-17 16:38:17 21E13F2CB269DEFEAE5E1D09887D47BB 203680 ----a-w- C:\Windows\System32\drivers\zamguard64.sys
2017-09-17 16:38:17 21E13F2CB269DEFEAE5E1D09887D47BB 203680 ----a-w- C:\Windows\System32\drivers\zam64.sys
2017-09-16 20:07:55 0D5A09B08568760AE85A801FCBC0F83D 28272 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2017-09-16 19:04:56 B783F45D3E264115E541989FE1BECDE4 706895 ----a-w- C:\Users\Tomas\AppData\Local\Temp\tmp-d3g.xpi
2017-09-16 18:53:53 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-stable.sys
2017-09-16 18:53:53 FCC89FED34A5FD03B27A2B577A40ACF8 45640 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-canary.sys
2017-09-16 18:53:53 8ABCBCBD5B649C2D4DC4342B014B2639 35432 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_x86\dbx-dev.sys
2017-09-16 18:53:53 728BE4B36BA453779AEC6459DDDB320B 45672 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-dev.sys
2017-09-16 18:53:53 1E11067A9BC57054D49934496154C751 25476129 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\python-packages.zip
2017-09-16 18:53:53 0A9383A95D3FE631650567C9DFC17E03 35408 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_x86\dbx-stable.sys
2017-09-16 18:53:53 0A9383A95D3FE631650567C9DFC17E03 35408 ----a-w- C:\Users\Tomas\AppData\Roaming\Dropbox\bin\driver_x86\dbx-canary.sys
2017-09-15 21:41:02 CD90D55FC8A2C98B740AB0AB70F656F0 273335 ----a-w- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\extensions\YoutubeDownloader@PeterOlayev.com.xpi
2017-09-15 21:41:00 FF383306727371AA61E6B335526D8D48 2617076 ----a-w- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\extensions\firebug@software.joehewitt.com.xpi
2017-09-15 21:40:57 703B042EB9B53C02D4A0DE9B617DA254 75274 ----a-w- C:\Users\Tomas\AppData\Local\Temp\tmp-67l.xpi
2017-09-15 20:35:19 F4D84EDE07FC20A22993292E221B9B55 692271 ----a-w- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\x8tkh18q.Nepojmenovaný\extensions\wrc@avast.com.xpi
2017-09-15 20:35:19 F4D84EDE07FC20A22993292E221B9B55 692271 ----a-w- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\74nycene.Nepojmenovaný2\extensions\wrc@avast.com.xpi
2017-09-15 20:35:19 C2FD4EA3146542CB721EDC0E63B01CE3 352829 ----a-w- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\x8tkh18q.Nepojmenovaný\extensions\sp@avast.com.xpi
2017-09-15 09:03:16 C9973123FB52567CD5927CFF1122E4C0 395892 ----a-w- C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\extensions\s3google@translator.xpi
2017-09-15 08:08:30 FF383306727371AA61E6B335526D8D48 2617076 ----a-w- C:\Users\Tomas\Desktop\Původní data aplikace Firefox\uvjcwe74.default\extensions\firebug@software.joehewitt.com.xpi
2017-09-15 08:08:30 C9973123FB52567CD5927CFF1122E4C0 395892 ----a-w- C:\Users\Tomas\Desktop\Původní data aplikace Firefox\uvjcwe74.default\extensions\s3google@translator.xpi
2017-09-15 08:08:30 6E2421D2C518142057A16C6266FA352A 7713 ----a-w- C:\Users\Tomas\Desktop\Původní data aplikace Firefox\uvjcwe74.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi
2017-09-15 08:08:30 1EEB04D1622E318B899C7C1BDBE22965 55943 ----a-w- C:\Users\Tomas\Desktop\Původní data aplikace Firefox\uvjcwe74.default\extensions\splitpannel@max.max.xpi
2017-09-15 08:08:30 08C40F8C10B90A735C8B5C810E937343 50432 ----a-w- C:\Users\Tomas\Desktop\Původní data aplikace Firefox\uvjcwe74.default\extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack.xpi
2017-09-15 08:08:30 02C87DE080936CEFE9E1FFFE7749D59C 272265 ----a-w- C:\Users\Tomas\Desktop\Původní data aplikace Firefox\uvjcwe74.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
2017-09-15 07:16:56 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2017-09-12 11:31:23 2CC56ADFF9DE12D433792ADC5164AF9E 1733 ----a-w- C:\Users\Tomas\Desktop\kryptoměny\csvfiles\kraken\ledgers.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-495995928-1072377721-2328159315-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJBE.EXE /EPT EPLTarget\P0000000000000001 /M XP-700 Series"
"AIMP3"="C:\Program Files (x86)\AIMP3\AIMP3.exe"
"RESTART_STICKY_NOTES"="C:\Windows\system32\StikyNot.exe"
"Spotify Web Helper"="C:\Users\Tomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
"iCloud"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
"iCloud"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"00PCTFW"="C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe -s"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIJBE.EXE /EPT EPLTarget\P0000000000000001 /M XP-700 Series"
"AIMP3"="C:\Program Files (x86)\AIMP3\AIMP3.exe"
"RESTART_STICKY_NOTES"="C:\Windows\system32\StikyNot.exe"
"Spotify Web Helper"="C:\Users\Tomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ZAM"="C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ashampoo HDD-Control 2 Guard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ashampoo HDD-Control 2 Guard"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Ashampoo\\Ashampoo HDD Control 2\\AHDDC2_Guard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dropbox Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dropbox Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Tomas\\AppData\\Local\\Dropbox\\Update\\DropboxUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIconLaunch.exe\" \"C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe\" 60"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\igfxtray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Tomas\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Tomas\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotPostWindows10UpgradeReInstall"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AV\\Spybot - Search and Destroy\\Test.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpywareTerminatorShield]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpywareTerminatorShield"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Spyware Terminator\\SpywareTerminatorShield.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDScannerService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDUpdateService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDWSCService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc]


==== Startup Folders ======================

2017-09-01 14:30:24 1957 ----a-w- C:\Users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk
2014-09-19 21:39:06 1361 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-495995928-1072377721-2328159315-1000Core.job --a------ C:\Users\Tomas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [21.03.2016 13:48]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-495995928-1072377721-2328159315-1000UA.job --a------ C:\Users\Tomas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [21.03.2016 13:48]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-495995928-1072377721-2328159315-1000Core" [C:\Users\Tomas\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-495995928-1072377721-2328159315-1000UA" [C:\Users\Tomas\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1458733796" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\Windows\SysNative\tasks\SmartShare" [C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe]
"C:\Windows\SysNative\tasks\2BrightSparks\SyncBackFree\Tomas-PC-Tomas\SyncBackFree Tomas-PC_diskG na diskD" [C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [20.09.2014 09:05]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125
- Super Start - %ProfilePath%\extensions\superstart@enjoyfreeware.org
- FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- S3.Google Translator - %ProfilePath%\extensions\s3google@translator.xpi
- Logitech SetPoint - %ProfilePath%\extensions\setpoint-lt@addon-id.com.xpi
- 1-Click YouTube Video Downloader - %ProfilePath%\extensions\YoutubeDownloader@PeterOlayev.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125
D6A9BDBDE6AF1238DCC619EFA2FB0844 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Google Drive - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast SafePrice - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Sheets - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Slides - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Avast SafePrice - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Google Sheets - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
TREZOR Password Manager - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imloifkgjagghnncjkhggdhalmcnfklk
TREZOR Extension - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj
Chrome Web Store Payments - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage deleted successfully
C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage-journal deleted successfully
C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/?gws_rd=ssl"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/?gws_rd=ssl"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{9D2329E5-5709-49A3-9B03-45BAF43F2588} Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo HDD-Control 2 Guard deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Tomas\AppData\Local\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\cache2 emptied successfully
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\storage\default\https+++twitter.com\cache emptied successfully
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\storage\default\https+++www.gdax.com\cache emptied successfully
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\storage\default\https+++www.washingtonpost.com\cache emptied successfully
C:\Users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\0ypjyitu.default-1505462904125\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Tomas\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=338 folders=168 54580705 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tomas\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Tomas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 17.09.2017 at 21:38:20,30 ======================

stomas
newcomer
Posts: 39
Registered: Sep 17
Gender: Not specified

Re: Please check my log

Post by stomas » 17 Sep 2017 21:41

# DelFix v1.013 - Logfile created 17/09/2017 at 21:41:03
# Updated 17/04/2016 by Xplode
# Username : Tomas - TOMAS-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTM
Deleted : C:\RSIT
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2017-09-17-082518.log
Deleted : C:\zoek-results2017-09-17-102603.log
Deleted : C:\zoek-results2017-09-17-185901.log
Deleted : C:\Users\Tomas\Desktop\AdwCleaner[S2].txt
Deleted : C:\Users\Tomas\Desktop\JRT.txt
Deleted : C:\Users\Tomas\Desktop\log1.txt
Deleted : C:\Users\Tomas\Desktop\zoek.exe
Deleted : C:\Users\Tomas\Downloads\JRT(1).exe
Deleted : C:\Users\Tomas\Downloads\JRT.exe
Deleted : C:\Users\Tomas\Downloads\HijackThis.exe
Deleted : C:\Users\Tomas\Downloads\RogueKiller_portable32.exe
Deleted : C:\Users\Tomas\Downloads\RogueKiller_portable64.exe
Deleted : C:\Users\Tomas\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #189 [JRT Pre-Junkware Removal | 09/16/2017 19:14:29]
Deleted : RP #190 [Installed Sophos Virus Removal Tool. | 09/16/2017 19:19:43]
Deleted : RP #191 [zoek.exe restore point | 09/17/2017 08:16:59]
Deleted : RP #192 [Zemana AntiMalware 17.9.2017 18:41:09 | 09/17/2017 16:41:10]

New restore point created !

########## - EOF - ##########

stomas
newcomer
Posts: 39
Registered: Sep 17
Gender: Not specified

Re: Please check my log

Post by stomas » 17 Sep 2017 21:42

I'm not noticing any problems.

stomas
newcomer
Posts: 39
Registered: Sep 17
Gender: Not specified

Re: Please check my log

Post by stomas » 17 Sep 2017 21:54

If everything is fine in your opinion, I'd like to ask two things. 1) Can you recommend the best real-time anti-malware protection available at the moment? 2) Besides thanking you for the help, I'd also very much like to contribute financially... can you send me an account number where I can send a small amount? T.S.

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: Jun 07
Location: South Bohemia
Gender: Male

Re: Please check my log  Solved

Post by jaro3 » 18 Sep 2017 09:23

An ideal anti-malware or antivirus does not exist. The ranking of the "best antiviruses" keeps changing; it is not possible to say which one is the best.
Even some free antivirus + antispyware (nowadays they come in one package) + a firewall (if it is not in the same package) is enough.
You can occasionally run a check with Malwarebytes' Anti-Malware.
You can look at the topics on this problem in the "Viry, antiviry, firewally" (Viruses, antiviruses, firewalls) section, but I definitely wouldn't rely on them too much.
The best thing is to try for yourself.

Option to contribute: my signature says "podpora fóra" (forum support); just click on it.
The helpers here help for free.

If there are no problems, that's all, and you can mark it as solved, the green tick.
When working with programs such as HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Podpora fóra

