Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check my log

Post by jaro3 » 14 Jul 2017 21:58

Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7 right-click it and choose "Run as administrator"; on Windows XP double-click it to run).
- click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom,
after it finishes - tick everything (put check marks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and paste the contents of the report here, please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.


Turn off the antivirus and the firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
click the .rar file at the top right and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Vista, Win 7 and 8 right-click it and choose "Run as administrator")
- note that the program may take a while to start.
Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

click Run Script
The program performs a scan and a repair; both may take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart only a black desktop may be shown for a while, which is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the whole contents of that log here.
If there are problems, run zoek in Safe Mode.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to the desktop.
Double-click the file on the desktop and follow the installation instructions.
Accept the EULA licence if it is offered.
If a program update is available, click "Update now".
You can also tick the creation of a restore point:
Click the gear icon, then "Scan" and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is complete, a report appears; copy its whole contents here.
Otherwise you can view the reports by clicking "Reports" at the top right.

Turn off the resident protection of the antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole contents here
If there are problems, run it in Safe Mode.

Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by Martab » 15 Jul 2017 10:06

I'll add the rest gradually

RogueKiller V12.11.6.0 [Jul 10 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : admin [Práva správce]
Started from : C:\Users\admin\Downloads\RogueKiller_portable32.exe
Mód : Smazat -- Datum : 07/15/2017 09:32:39 (Duration : 00:28:46)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP.Gen1] HKEY_USERS\S-1-5-21-3846505388-253851963-419263497-1000\Software\OCS -> Smazáno
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_B881\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Nahrazeno (explorer.exe)
[PUM.Proxy] HKEY_LOCAL_MACHINE\RK_System_ON_D_DFAC\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Smazáno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3846505388-253851963-419263497-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www1.euro.dell.com/content/defau ... l=en&s=gen -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://search.msn.com/spbasic.htm)

¤¤¤ Úlohy : 3 ¤¤¤
[Hj.Shortcut] \{0CB69CA2-A391-4CC4-8A90-BFC235786512} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.0.0.152/cs/a ... adyoffered) -> Smazáno
[Hj.Shortcut] \{6953470F-F469-436E-AE0F-2513B3CD0C88} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.24.85.104/cs/eula) -> Smazáno
[Hj.Shortcut] \{74C1BAC5-08AE-4F64-BFBE-E985650B8B35} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.24.85.104/cs ... age=tsMain) -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] eqyal6yq.default-1457256293431 : user_pref("browser.startup.homepage", "www.seznam.cz"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] 976e59865e3cc0d7c68fcac4fcd272df
[BSP] 597689f9fd584ba824a36be87199a262 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 172 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 354304 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21325824 | Size: 174800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 379318272 | Size: 120030 MB
User = LL1 ... OK
User = LL2 ... OK

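The most serious line in the RogueKiller report above is the Winlogon `Shell` value set to `cmd.exe /k start cmd.exe`: the user's desktop shell had been replaced. Added example (not RogueKiller's or the forum's own code): a Python triage script that parses finding lines in the RogueKiller report format and ranks them, escalating any Winlogon shell other than explorer.exe above the homepage and search-page modifications. The embedded sample report is a constructed excerpt modelled on the log above, and the severity mapping and regular expressions are this example's own assumptions, not Adlice's classification.

```python
"""Triage a RogueKiller report: parse its finding lines and rank them.

Added example, not RogueKiller's own code.  The sample report below is a
constructed excerpt modelled on the log posted in this thread; the severity
mapping is an assumption of this example, not Adlice's classification.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# A finding line has the shape
#   [Tag][Tag2] <registry key or task> | <value name> : <data> -> <action>
# where the "| value : data" part is present only for registry values.
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<key>[^|]+?)"
    r"(?:\s*\|\s*(?P<value>[^:]+?)\s*:\s*(?P<data>.*?))?"
    r"\s*->\s*(?P<action>.+)$"
)
# Section headers look like "¤¤¤ Registry : 6 ¤¤¤"; only the name is kept.
SECTION_RE = re.compile(r"^¤¤¤\s+(?P<name>[^:]+?)\s*:")

# Severity by tag family (assumed ranking): Hj = hijack, PUP = potentially
# unwanted program, PUM = potentially unwanted modification, which is often a
# deliberate user choice such as a regional portal set as the homepage.
TAG_SEVERITY = {"Hj": "high", "PUP": "medium", "PUM": "low"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


@dataclass
class Finding:
    section: str
    tags: list[str]
    key: str
    value: Optional[str]
    data: Optional[str]
    action: str
    severity: str


def classify(tags: list[str], key: str, value: Optional[str],
             data: Optional[str]) -> str:
    """Map a finding to a severity, escalating a replaced Winlogon shell."""
    family = tags[0].split(".", 1)[0]
    severity = TAG_SEVERITY.get(family, "info")
    # Winlogon\Shell is the program started as the user's desktop shell.  On a
    # workstation it must be explorer.exe; anything else (in this thread
    # "cmd.exe /k start cmd.exe") is shell-replacement persistence, whatever
    # tag the scanner gave it.  Only the key suffix is checked because the
    # hive may be mounted under a temporary name (RK_Software_ON_D_... in
    # the log above appears to be a hive loaded from an install on D:).
    if (value is not None and value.strip().lower() == "shell"
            and key.rstrip().lower().endswith("\\winlogon")
            and (data or "").strip().lower() != "explorer.exe"):
        severity = "critical"
    return severity


def parse_report(text: str) -> list[Finding]:
    """Return every finding line in the report, tagged with its section."""
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue  # banner, MBR dump, blank line, ...
        tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
        findings.append(Finding(
            section=section, tags=tags, key=m.group("key").strip(),
            value=m.group("value"), data=m.group("data"),
            action=m.group("action").strip(),
            severity=classify(tags, m.group("key"), m.group("value"),
                              m.group("data")),
        ))
    return findings


def triage(text: str) -> list[Finding]:
    """Findings sorted most severe first (stable, so report order is kept)."""
    return sorted(parse_report(text), key=lambda f: SEVERITY_ORDER[f.severity])


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed excerpt modelled on the report posted in this thread.
SAMPLE_REPORT = r"""RogueKiller V12.11.6.0 [Jul 10 2017] (Free) by Adlice Software
Mód : Smazat -- Datum : 07/15/2017 09:32:39 (Duration : 00:28:46)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP.Gen1] HKEY_USERS\S-1-5-21-3846505388-253851963-419263497-1000\Software\OCS -> Smazáno
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_B881\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Nahrazeno (explorer.exe)
[PUM.Proxy] HKEY_LOCAL_MACHINE\RK_System_ON_D_DFAC\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Smazáno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Úlohy : 1 ¤¤¤
[Hj.Shortcut] \{0CB69CA2-A391-4CC4-8A90-BFC235786512} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.24.85.104/cs/eula) -> Smazáno

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] eqyal6yq.default-1457256293431 : user_pref("browser.startup.homepage", "www.seznam.cz"); -> Nahrazeno (about:home)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.severity:8} {f.section:12} {'/'.join(f.tags):24} "
              f"{f.key} | {f.value} : {f.data} -> {f.action}")
    print(summarize(triage(SAMPLE_REPORT)))
```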

Re: Please check my log

Post by Martab » 15 Jul 2017 17:54

It got stuck somehow, so I'm only attaching the log now


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by admin on so 15.07.2017 at 17:22:49,43.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-07-15-094547.log 11872 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\7kkgv454.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\7kkgv454.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MOJMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\4n7v9vax.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\MOJMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\4n7v9vax.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\PEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwubkqg3.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\PEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwubkqg3.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\admin\AppData\Roaming\teamdrive-shell-extension.log deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\7kkgv454.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MOJMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\4n7v9vax.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\PEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwubkqg3.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02.09.2009 19:01]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"DSE"="true" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi

ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\7kkgv454.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi

ProfilePath: C:\Users\MOJMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\4n7v9vax.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi
- Recepty - %ProfilePath%\extensions\{10E4B8C9-F9CA-4A23-AEF9-D994CE24A029}.xpi

ProfilePath: C:\Users\PEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwubkqg3.default
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431
F169116C1BA501AB4D0D66D41FF496B5 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FC5D7AF1FC3A63782E19B375E2312D1C - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
2D45A8274592D965EDFB62ACCB1150B1 - C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
D6015DB8EA402753421FF62CA3909B62 - C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U66
776C6B8D53C56500BC355D513F11A105 - C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.660.18
0205ADAFFDDF04F0F69200E5CFB5FFD9 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
80320392DCC61B22F0BB23DD5AD7D341 - C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll - Shockwave Flash


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{fc8953b5-5f1e-42cb-a6b5-cec8ab5d8db4}\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\cache2 emptied successfully
C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\7kkgv454.default\storage\default\https+++www.kupi.cz\cache emptied successfully
C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\7kkgv454.default\storage\default\https+++www.youtube.com\cache emptied successfully
C:\Users\MOJMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\4n7v9vax.default\storage\default\https+++www.kupi.cz\cache emptied successfully
C:\Users\MOJMR~1\AppData\Roaming\Mozilla\Firefox\Profiles\4n7v9vax.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=15 folders=13 7827194 bytes)

==== Empty Temp Folders ======================

C:\Users\admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Jana\AppData\Local\Temp emptied successfully
C:\Users\MOJMR~1\AppData\Local\Temp emptied successfully
C:\Users\PEA~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on so 15.07.2017 at 17:49:24,21 ======================

and I'm running the next one


Re: Please check my log

Post by Martab » 15 Jul 2017 20:28

ComboFix 17-07-07.01 - admin 15.07.2017 19:52:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1222 [GMT 2:00]
Spuštěný z: c:\users\admin\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Jana\004.jpg
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-06-15 do 2017-07-15 )))))))))))))))))))))))))))))))
.
.
2017-07-15 18:02 . 2017-07-15 18:02 -------- d-----w- c:\users\Peťa\AppData\Local\temp
2017-07-15 18:02 . 2017-07-15 18:02 -------- d-----w- c:\users\Mojmír\AppData\Local\temp
2017-07-15 18:02 . 2017-07-15 18:02 -------- d-----w- c:\users\Jana\AppData\Local\temp
2017-07-15 18:02 . 2017-07-15 18:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-07-15 18:02 . 2017-07-15 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-15 15:43 . 2017-07-15 15:22 24064 ----a-w- c:\windows\zoek-delete.exe
2017-07-15 15:42 . 2017-07-15 18:05 -------- d-----w- c:\users\admin\AppData\Local\Temp
2017-07-15 09:52 . 2017-07-15 09:52 -------- d-----w- c:\programdata\WindowsSearch
2017-07-15 08:27 . 2017-07-15 09:30 -------- d-----w- C:\zoek_backup
2017-07-14 16:34 . 2017-07-15 07:32 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-14 16:33 . 2017-07-14 18:27 -------- d-----w- c:\programdata\RogueKiller
2017-07-14 14:07 . 2017-07-14 14:07 -------- d-----w- c:\programdata\Sophos
2017-07-14 14:06 . 2017-07-14 14:06 -------- d-----w- c:\program files\Sophos
2017-07-13 17:11 . 2017-07-13 17:11 162240 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-13 17:11 . 2017-07-15 15:49 64800 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-13 17:11 . 2017-07-15 17:33 40352 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-13 17:11 . 2017-07-15 17:33 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-13 17:11 . 2017-06-27 10:06 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-13 17:10 . 2017-07-13 17:10 -------- d-----w- c:\programdata\Malwarebytes
2017-07-13 17:10 . 2017-07-13 17:10 -------- d-----w- c:\program files\Malwarebytes
2017-07-13 16:53 . 2017-07-14 12:09 -------- d-----w- C:\AdwCleaner
2017-07-13 12:56 . 2017-07-13 12:56 -------- d-----w- c:\program files\CCleaner
2017-07-13 12:40 . 2017-07-13 12:40 -------- d-----w- c:\program files\Common Files\Skype
2017-07-13 12:10 . 2017-07-13 12:10 -------- d-----w- c:\users\admin\AppData\Local\CEF
2017-07-13 12:05 . 2017-07-13 12:05 -------- d-----w- c:\users\admin\Tracing
2017-07-09 13:27 . 2017-07-09 13:24 303280 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-09 13:29 . 2013-03-12 16:46 296312 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-07-09 13:24 . 2015-08-27 17:16 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-07-09 13:24 . 2014-05-15 13:47 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-07-09 13:24 . 2013-03-12 16:45 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-07-09 13:24 . 2010-08-03 10:10 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-07-09 13:24 . 2010-08-03 10:10 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-07-09 13:24 . 2010-08-03 10:10 123896 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-07-09 13:24 . 2014-08-18 17:13 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-07-09 13:24 . 2011-04-23 12:41 774288 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-07-09 13:24 . 2014-08-18 17:13 339952 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2017-07-09 13:24 . 2017-03-17 20:21 50352 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-07-09 13:24 . 2017-03-17 20:21 276704 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-07-09 13:24 . 2017-03-17 20:21 157384 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-07-09 13:24 . 2017-03-17 20:21 266976 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-06-02 09:37 . 2012-12-13 08:03 803320 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-06-02 09:37 . 2012-03-27 05:12 144888 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-07-09 13:24 1209288 ----a-w- c:\programyvista\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 12:12 159488 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\programyvista\Avast\AvLaunch.exe" [2017-07-09 213832]
"TV Card Remote Control Device Monitor"="c:\windows\6000RMT.exe" [2011-03-11 598016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
.
c:\users\Mojmír\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TeamDrive starten.lnk - c:\program files\TeamDrive3\TeamDrive3.exe autostart [2014-6-22 12037152]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\programyvista\BoxCryptor\BoxCryptor.exe [2012-6-22 1288264]
TeamDrive starten.lnk - c:\program files\TeamDrive3\TeamDrive.exe autostart [2015-4-2 8988160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MyTV Schedule Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MyTV Schedule Agent.lnk
backup=c:\windows\pss\MyTV Schedule Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-08-25 11:25 200704 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2017-06-30 12:23 7658200 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-05-09 15:42 3146704 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-11-09 11:52 596528 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-25 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{0ECF8B7B-7EC7-45D3-A35E-07302EEB80B3}.job
- c:\windows\system32\msfeedssync.exe [2016-10-07 17:42]
.
.
------- Doplňkový sken -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MBAMSwissArmy
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3752)
c:\windows\system32\btncopy.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\SSCbFsMntNtf3.dll
c:\windows\system32\CbFsNetRdr3.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
c:\programyvista\Avast\AvastSvc.exe
c:\programyvista\Avast\afwServ.exe
c:\windows\system32\conime.exe
c:\program files\TeamDrive3\TeamDrive.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\ehome\ehmsas.exe
c:\programyvista\Avast\AvastUI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TeamDrive3\QtWebProcess.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2017-07-15 20:13:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-07-15 18:11
.
Před spuštěním: Volných bajtů: 70 268 628 992
Po spuštění: Volných bajtů: 70 087 667 712
.
- - End Of File - - FBA2DB8D3AE77398B4219B881BF9E904
5C616939100B85E558DA92B899A0FC36
i5-3350P/P8B75-M LX/Kingston DDR3 8GB/GV-N960IXOC/SS-500ET/Seagate VS35.6/Transcend SSD370-128GB/Samsung BX2250 + Dell 1909W
ThinkPad X230 - i7-3520M + Kingston Savage SSD

"There is no reason anyone would want a computer in their home" (Ken Olsen)

Feel free to use a PM to draw attention to your topic ;)

Overview of desktop sockets and CPUs


Re: please check my log

Post by jaro3 » 16 Jul 2017 09:01

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text below (highlighted in green) into it:

Code:

ClearJavaCache::
KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log

Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during boot and choose Last Known Good Configuration, or use a restore point.


Then write what problems remain.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
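The locked-key blocks that are copied from the ComboFix log into the RegLock:: section above follow a fixed text layout, so the step can be checked mechanically. The Python below is an added example (not ComboFix's or the forum's code): it extracts the locked keys from a ComboFix log, lists the principals each key's ACL denies, renders the RegLock:: section of a CFScript.txt, and compares a follow-up log to confirm the keys are no longer reported. The log excerpts are constructed to match the thread's layout; the English header text "LOCKED REGISTRY KEYS" is assumed.

```python
"""Parse the locked-registry-keys section of a ComboFix log and build the
RegLock:: part of a CFScript.txt.  Added example, not ComboFix's own code."""
import re

# Section title as ComboFix prints it: the Czech build seen in this thread,
# and (assumed) the English build.  Any other "-----" title ends the section.
LOCKED_HEADERS = ("ZAMKNUTÉ KLÍČE V REGISTRU", "LOCKED REGISTRY KEYS")
SECTION_RE = re.compile(r"^-{5,}\s*(.*?)\s*-{5,}$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*\([^)]*\)\s*\((.+)\)$")


def parse_locked_keys(log_text):
    """Return [(key_path, [block lines])] for every key in the locked section."""
    blocks, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:                      # a "----- title -----" line starts/ends a section
            in_section = m.group(1).upper() in LOCKED_HEADERS
            current = None
            continue
        if not in_section or line == "":
            continue
        if line == ".":            # ComboFix separates key blocks with a lone dot
            current = None
            continue
        km = KEY_RE.match(line)
        if km:
            current = (km.group(1), [line])
            blocks.append(current)
        elif current is not None:  # @Denied / @Allowed / value lines of the key
            current[1].append(line)
    return blocks


def denied_principals(block_lines):
    """Principals the key's ACL explicitly denies, e.g. Users or Everyone."""
    found = []
    for line in block_lines:
        m = DENIED_RE.match(line)
        if m:
            found.append(m.group(1))
    return found


def build_cfscript(blocks, extra_directives=("KillAll::",)):
    """Render a CFScript.txt whose RegLock:: section lists the given keys."""
    out = list(extra_directives) + ["RegLock::"]
    for i, (_, lines) in enumerate(blocks):
        if i:
            out.append(".")
        out.extend(lines)
    return "\n".join(out) + "\n"


def still_locked(before_log, after_log):
    """Keys locked in `before_log` that the follow-up `after_log` still reports."""
    after = {key for key, _ in parse_locked_keys(after_log)}
    return [key for key, _ in parse_locked_keys(before_log) if key in after]


# Constructed sample logs in the layout of the ComboFix output in this thread.
KEY_BASE = (r"HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class"
            r"\{4D36E96D-E325-11CE-BFC1-08002BE10318}")


def _locked_block(suffix):
    return ["[" + KEY_BASE + suffix + "]",
            "@Denied: (A) (Users)", "@Denied: (A) (Everyone)",
            "@Allowed: (B 1 2 3 4 5) (S-1-5-20)", '"BlindDial"=dword:00000000']


LIBS_SECTION = ["--------------------- Knihovny navázané na běžící procesy ---------------------",
                ".", "- - - - - - - > 'Explorer.exe'(3752)",
                r"c:\windows\system32\btncopy.dll"]
LOCKED_TITLE = "--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------"

BEFORE_LOG = "\n".join([LOCKED_TITLE, "."] + _locked_block(r"\0000\AllUserSettings")
                       + ["."] + _locked_block(r"\0001\AllUserSettings")
                       + ["."] + LIBS_SECTION)
AFTER_LOG = "\n".join(LIBS_SECTION)                     # section gone: fix took
AFTER_PARTIAL = "\n".join([LOCKED_TITLE, "."] + _locked_block(r"\0001\AllUserSettings")
                          + ["."] + LIBS_SECTION)       # one key survived

if __name__ == "__main__":
    locked = parse_locked_keys(BEFORE_LOG)
    for key, lines in locked:
        print(key, "denies", ", ".join(denied_principals(lines)))
    print(build_cfscript(locked))
    print("still locked after fix:", still_locked(BEFORE_LOG, AFTER_LOG))
    print("still locked (partial):", still_locked(BEFORE_LOG, AFTER_PARTIAL))
```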

Martab
Moderator / HW team member
Guru Level 14
Posts: 28576
Registered: March 11
Gender: Male
Status: Offline

Re: please check my log

Post by Martab » 16 Jul 2017 09:44

ComboFix 17-07-07.01 - admin 16.07.2017 9:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3036.1168 [GMT 2:00]
Spuštěný z: c:\users\admin\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\admin\Downloads\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-06-16 do 2017-07-16 )))))))))))))))))))))))))))))))
.
.
2017-07-16 07:19 . 2017-07-16 07:26 -------- d-----w- c:\users\admin\AppData\Local\temp
2017-07-16 07:19 . 2017-07-16 07:19 -------- d-----w- c:\users\Peťa\AppData\Local\temp
2017-07-16 07:19 . 2017-07-16 07:19 -------- d-----w- c:\users\Mojmír\AppData\Local\temp
2017-07-16 07:19 . 2017-07-16 07:19 -------- d-----w- c:\users\Jana\AppData\Local\temp
2017-07-16 07:19 . 2017-07-16 07:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-07-16 07:19 . 2017-07-16 07:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-15 15:43 . 2017-07-15 15:22 24064 ----a-w- c:\windows\zoek-delete.exe
2017-07-15 09:52 . 2017-07-15 09:52 -------- d-----w- c:\programdata\WindowsSearch
2017-07-15 08:27 . 2017-07-15 09:30 -------- d-----w- C:\zoek_backup
2017-07-14 16:34 . 2017-07-15 07:32 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-14 16:33 . 2017-07-14 18:27 -------- d-----w- c:\programdata\RogueKiller
2017-07-14 14:07 . 2017-07-14 14:07 -------- d-----w- c:\programdata\Sophos
2017-07-14 14:06 . 2017-07-14 14:06 -------- d-----w- c:\program files\Sophos
2017-07-13 17:11 . 2017-07-13 17:11 162240 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-13 17:11 . 2017-07-15 15:49 64800 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-13 17:11 . 2017-07-15 17:33 40352 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-13 17:11 . 2017-07-15 17:33 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-13 17:11 . 2017-06-27 10:06 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-13 17:10 . 2017-07-13 17:10 -------- d-----w- c:\programdata\Malwarebytes
2017-07-13 17:10 . 2017-07-13 17:10 -------- d-----w- c:\program files\Malwarebytes
2017-07-13 16:53 . 2017-07-14 12:09 -------- d-----w- C:\AdwCleaner
2017-07-13 12:56 . 2017-07-13 12:56 -------- d-----w- c:\program files\CCleaner
2017-07-13 12:40 . 2017-07-13 12:40 -------- d-----w- c:\program files\Common Files\Skype
2017-07-13 12:10 . 2017-07-13 12:10 -------- d-----w- c:\users\admin\AppData\Local\CEF
2017-07-13 12:05 . 2017-07-13 12:05 -------- d-----w- c:\users\admin\Tracing
2017-07-09 13:27 . 2017-07-09 13:24 303280 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-09 13:29 . 2013-03-12 16:46 296312 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-07-09 13:24 . 2015-08-27 17:16 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-07-09 13:24 . 2014-05-15 13:47 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-07-09 13:24 . 2013-03-12 16:45 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-07-09 13:24 . 2010-08-03 10:10 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-07-09 13:24 . 2010-08-03 10:10 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-07-09 13:24 . 2010-08-03 10:10 123896 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-07-09 13:24 . 2014-08-18 17:13 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-07-09 13:24 . 2011-04-23 12:41 774288 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-07-09 13:24 . 2014-08-18 17:13 339952 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2017-07-09 13:24 . 2017-03-17 20:21 50352 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-07-09 13:24 . 2017-03-17 20:21 276704 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-07-09 13:24 . 2017-03-17 20:21 157384 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-07-09 13:24 . 2017-03-17 20:21 266976 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-06-02 09:37 . 2012-12-13 08:03 803320 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-06-02 09:37 . 2012-03-27 05:12 144888 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-07-09 13:24 1209288 ----a-w- c:\programyvista\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 12:12 159488 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\programyvista\Avast\AvLaunch.exe" [2017-07-09 213832]
"TV Card Remote Control Device Monitor"="c:\windows\6000RMT.exe" [2011-03-11 598016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
.
c:\users\Mojmír\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TeamDrive starten.lnk - c:\program files\TeamDrive3\TeamDrive3.exe autostart [2014-6-22 12037152]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\programyvista\BoxCryptor\BoxCryptor.exe [2012-6-22 1288264]
TeamDrive starten.lnk - c:\program files\TeamDrive3\TeamDrive.exe autostart [2015-4-2 8988160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MyTV Schedule Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MyTV Schedule Agent.lnk
backup=c:\windows\pss\MyTV Schedule Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-08-25 11:25 200704 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2017-06-30 12:23 7658200 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-05-09 15:42 3146704 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-11-09 11:52 596528 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-25 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{0ECF8B7B-7EC7-45D3-A35E-07302EEB80B3}.job
- c:\windows\system32\msfeedssync.exe [2016-10-07 17:42]
.
.
------- Doplňkový sken -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-16 09:28
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3268)
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\SSCbFsMntNtf3.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
c:\programyvista\Avast\AvastSvc.exe
c:\programyvista\Avast\afwServ.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\TeamDrive3\TeamDrive.exe
c:\programyvista\Avast\AvastUI.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2017-07-16 09:30:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-07-16 07:30
ComboFix2.txt 2017-07-15 18:13
.
Před spuštěním: Volných bajtů: 70 104 567 808
Po spuštění: Volných bajtů: 70 072 020 992
.
- - End Of File - - A22F2832DF8A35D0E794A0AC8E4312EE


Re: please check my log

Post by Martab » 16 Jul 2017 09:47

As for functionality, the internet at least loads in a reasonable time now, there is just still a bit of a problem with text rendering (see attachment)
Výstřižek.JPG


but I don't know whether anything can be done about that


Re: please check my log

Post by jaro3 » 16 Jul 2017 18:04

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs appear, FRST.txt and Addition.txt, and are saved on the desktop. Please copy their complete contents here.


Re: please check my log

Post by Martab » 17 Jul 2017 08:19

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-07-2017
Ran by admin (administrator) on PCBRUMOV (17-07-2017 08:14:42)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin & Jana & Mojmír & Peťa & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\ProgramyVista\Avast\AvastSvc.exe
(AVAST Software) C:\ProgramyVista\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Windows\6000RMT.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Secomba GmbH) C:\ProgramyVista\BoxCryptor\BoxCryptor.exe
(TeamDrive Systems GmbH) C:\Program Files\TeamDrive3\TeamDrive.exe
(AVAST Software) C:\ProgramyVista\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\ProgramyVista\Avast\AvLaunch.exe [213832 2017-07-09] (AVAST Software)
HKLM\...\Run: [TV Card Remote Control Device Monitor] => C:\Windows\6000RMT.ex
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2007-11-29] (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3846505388-253851963-419263497-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3846505388-253851963-419263497-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2008-01-21] (Microsoft Corporation)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk [2012-06-24]
ShortcutTarget: BoxCryptor.lnk -> C:\ProgramyVista\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk [2015-04-02]
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files\TeamDrive3\TeamDrive.exe (TeamDrive Systems GmbH)
Startup: C:\Users\Mojmír\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive starten.lnk [2014-06-24]
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files\TeamDrive3\TeamDrive3.exe (TeamDrive Systems GmbH)
GroupPolicyUsers\S-1-5-21-3846505388-253851963-419263497-1002\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{63A63367-C742-4DD0-8688-03DEA33AC795}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3846505388-253851963-419263497-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-3846505388-253851963-419263497-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> FC834A29A94A442EABA0A7CC5EE3BFA2 URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\ProgramyVista\Avast\aswWebRepIE.dll [2017-07-09] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-13] (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431 [2017-07-17]
FF NewTab: Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431 -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431 -> seznam.cz
FF Extension: (Avast SafePrice) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\Extensions\sp@avast.com.xpi [2017-07-09]
FF Extension: (Avast Online Security) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\eqyal6yq.default-1457256293431\Extensions\wrc@avast.com.xpi [2017-07-09]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-06] [not signed]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2017-07-15] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-02] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-13] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-25] (Andrea Electronics Corporation)
S3 aswbIDSAgent; C:\ProgramyVista\Avast\aswidsagent.exe [5815840 2017-07-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\ProgramyVista\Avast\AvastSvc.exe [263312 2017-07-09] (AVAST Software)
R2 avast! Firewall; C:\ProgramyVista\Avast\afwServ.exe [311592 2017-07-09] (AVAST Software)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S2 SkypeUpdate; C:\ProgramyVista\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-25] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [266976 2017-07-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157384 2017-07-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276704 2017-07-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50352 2017-07-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123896 2017-07-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-18] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\drivers\aswNdis2.sys [339952 2017-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-09] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-09] (AVAST Software)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-08-25] (ITE Tech. Inc. )
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-26] (Lavasoft AB)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28432 2007-11-29] (Logitech, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [162240 2017-07-13] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [40352 2017-07-15] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-07-15] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64800 2017-07-15] (Malwarebytes)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [144672 2008-10-27] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277440 2008-10-27] (Creative Technology Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-01-10] (Samsung Electronics) [File not signed]
S3 TridVid; C:\Windows\System32\DRIVERS\TridVid.sys [279168 2011-04-13] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 08:14 - 2017-07-17 08:15 - 00012855 _____ C:\Users\admin\Downloads\FRST.txt
2017-07-17 08:14 - 2017-07-17 08:14 - 00000000 ____D C:\FRST
2017-07-17 08:10 - 2017-07-17 08:11 - 01780736 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe
2017-07-16 09:30 - 2017-07-16 09:30 - 00011458 _____ C:\ComboFix.txt
2017-07-16 09:28 - 2017-07-16 09:28 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-15 19:47 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-07-15 19:47 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-07-15 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-07-15 19:47 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-07-15 17:59 - 2017-07-16 09:30 - 00000000 ____D C:\Qoobox
2017-07-15 17:57 - 2017-07-15 20:10 - 00000000 ____D C:\Windows\erdnt
2017-07-15 17:54 - 2017-07-15 17:54 - 05659794 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2017-07-15 17:43 - 2017-07-15 17:22 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-15 17:22 - 2017-07-15 10:23 - 01309184 _____ C:\Users\admin\Desktop\zoek.exe
2017-07-15 17:15 - 2017-07-15 19:38 - 00563836 _____ C:\Windows\ntbtlog.txt
2017-07-15 11:52 - 2017-07-15 11:52 - 00000000 ____D C:\ProgramData\WindowsSearch
2017-07-15 10:27 - 2017-07-15 11:30 - 00000000 ____D C:\zoek_backup
2017-07-14 20:27 - 2017-07-14 20:27 - 00006146 _____ C:\Users\admin\Desktop\rk_A8A4.tmp.txt
2017-07-14 18:34 - 2017-07-15 09:32 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-14 18:33 - 2017-07-14 20:27 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-14 16:07 - 2017-07-14 16:07 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-14 16:07 - 2017-07-14 16:07 - 00000000 ____D C:\ProgramData\Sophos
2017-07-14 16:07 - 2017-07-14 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-14 16:06 - 2017-07-14 16:06 - 00000000 ____D C:\Program Files\Sophos
2017-07-14 14:30 - 2017-07-14 14:30 - 00003528 _____ C:\Users\admin\Desktop\JRT.txt
2017-07-14 14:26 - 2017-07-14 14:26 - 01663672 _____ (Malwarebytes) C:\Users\admin\Downloads\JRT.exe
2017-07-14 14:23 - 2017-07-14 14:23 - 22102088 _____ C:\Users\admin\Downloads\RogueKiller_portable32.exe
2017-07-14 14:22 - 2017-07-14 14:24 - 171325824 _____ (Sophos Limited) C:\Users\admin\Downloads\Sophos Virus Removal Tool.exe
2017-07-13 20:01 - 2017-07-14 16:00 - 00001662 _____ C:\Users\admin\Desktop\malwarebytes.txt
2017-07-13 19:11 - 2017-07-15 19:33 - 00221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-13 19:11 - 2017-07-15 19:33 - 00040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-13 19:11 - 2017-07-15 17:49 - 00064800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-13 19:11 - 2017-07-13 19:11 - 00162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-13 19:11 - 2017-07-13 19:11 - 00001861 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-13 19:11 - 2017-07-13 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-13 19:11 - 2017-06-27 12:06 - 00059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-07-13 19:10 - 2017-07-13 19:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-13 19:10 - 2017-07-13 19:10 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-13 18:57 - 2017-07-13 18:57 - 00010929 _____ C:\Users\admin\Desktop\AdwCleaner[S0].txt
2017-07-13 18:53 - 2017-07-14 14:09 - 00000000 ____D C:\AdwCleaner
2017-07-13 18:52 - 2017-07-13 16:49 - 65033984 _____ (Malwarebytes ) C:\Users\admin\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-13 18:52 - 2017-07-13 16:48 - 04110280 _____ C:\Users\admin\Desktop\AdwCleaner.exe
2017-07-13 18:42 - 2017-07-13 18:42 - 00050688 _____ (Atribune.org) C:\Users\admin\Downloads\ATF-Cleaner.exe
2017-07-13 17:59 - 2017-07-13 17:59 - 00448512 _____ (OldTimer Tools) C:\Users\admin\Downloads\TFC.exe
2017-07-13 14:58 - 2017-07-13 14:58 - 00017372 _____ C:\Users\admin\Documents\cc_20170713_145832.reg
2017-07-13 14:56 - 2017-07-13 14:56 - 00000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-13 14:56 - 2017-07-13 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-13 14:56 - 2017-07-13 14:56 - 00000000 ____D C:\Program Files\CCleaner
2017-07-13 14:55 - 2017-07-13 14:56 - 09747512 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup532.exe
2017-07-13 14:40 - 2017-07-13 14:40 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-07-13 14:10 - 2017-07-13 14:10 - 00000000 ____D C:\Users\admin\AppData\Local\CEF
2017-07-13 14:05 - 2017-07-13 14:05 - 00000000 ____D C:\Users\admin\Tracing
2017-07-12 20:40 - 2017-07-12 20:34 - 29183358 _____ C:\Users\Mojmír\Desktop\asunsoft-windows-password-geeker-professional.exe
2017-07-10 08:46 - 2017-07-10 08:46 - 01524744 _____ C:\Users\admin\Downloads\Skype - CHIP-Installer.exe
2017-07-10 08:45 - 2017-07-17 08:09 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-07-09 15:27 - 2017-07-09 15:24 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-17 08:09 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 08:09 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-16 09:28 - 2015-04-02 15:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamDrive3
2017-07-16 09:27 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2017-07-16 09:20 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-16 09:19 - 2009-01-13 10:01 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-07-16 09:19 - 2006-11-02 15:01 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-15 20:02 - 2009-01-17 20:43 - 00000000 ____D C:\Users\Jana
2017-07-15 17:48 - 2009-01-17 20:14 - 00000008 __RSH C:\Users\admin\ntuser.pol
2017-07-15 17:48 - 2009-01-15 14:45 - 00000000 ____D C:\Users\admin
2017-07-15 11:30 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-14 15:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-07-13 19:13 - 2009-01-16 20:23 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2017-07-13 15:13 - 2008-01-21 08:47 - 01532794 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-13 15:13 - 2008-01-21 08:46 - 00645320 _____ C:\Windows\system32\perfh005.dat
2017-07-13 15:13 - 2008-01-21 08:46 - 00137958 _____ C:\Windows\system32\perfc005.dat
2017-07-13 14:57 - 2009-03-03 21:45 - 00000000 ____D C:\Windows\Minidump
2017-07-13 14:40 - 2011-12-17 12:12 - 00000000 ____D C:\Program Files\Skype
2017-07-13 14:40 - 2009-01-16 20:22 - 00000000 ____D C:\ProgramData\Skype
2017-07-13 06:40 - 2009-01-18 18:10 - 00000000 ____D C:\Users\Mojmír\AppData\Roaming\Skype
2017-07-13 06:39 - 2014-06-22 11:49 - 00000000 ____D C:\Users\Mojmír\AppData\Roaming\TeamDrive3
2017-07-12 17:58 - 2009-01-31 08:34 - 00006944 _____ C:\Users\Mojmír\AppData\Local\d3d9caps.dat
2017-07-12 10:51 - 2016-11-20 14:06 - 00000000 ____D C:\Users\Mojmír\AppData\LocalLow\Mozilla
2017-07-10 16:50 - 2009-01-18 18:22 - 00000000 ____D C:\Users\Jana\AppData\Roaming\Skype
2017-07-10 16:41 - 2016-11-29 17:05 - 00000000 ____D C:\Users\Jana\AppData\LocalLow\Mozilla
2017-07-09 15:29 - 2013-03-12 18:46 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00276704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00266976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00157384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-09 15:24 - 2017-03-17 22:21 - 00050352 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-09 15:24 - 2015-08-27 19:16 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-09 15:24 - 2014-08-18 19:13 - 00339952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys
2017-07-09 15:24 - 2014-08-18 19:13 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-09 15:24 - 2014-05-15 15:47 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-09 15:24 - 2013-03-12 18:45 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-09 15:24 - 2011-04-23 14:41 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-09 15:24 - 2010-08-03 12:10 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-09 15:24 - 2010-08-03 12:10 - 00123896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-07-09 15:24 - 2010-08-03 12:10 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-07-06 16:49 - 2017-03-05 13:13 - 00000000 ____D C:\Users\Jana\AppData\Roaming\TeamDrive3
2017-07-04 13:52 - 2017-01-29 20:06 - 00121344 _____ C:\Users\Mojmír\Desktop\NissanPulsar_2017.xls
2017-06-30 16:19 - 2012-12-15 17:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-30 11:28 - 2015-11-06 20:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-20 13:47 - 2017-05-09 12:22 - 00000000 _____ C:\Windows\system32\last.dump

==================== Files in the root of some directories =======

2017-07-16 09:44 - 2017-07-17 08:13 - 0004272 _____ () C:\Users\admin\AppData\Roaming\teamdrive-shell-extension.log
2009-01-15 22:24 - 2013-03-15 08:45 - 0006944 _____ () C:\Users\admin\AppData\Local\d3d9caps.dat
2009-01-16 20:24 - 2009-01-16 20:24 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-16 09:31

=================== End of FRST.txt ============================
i5-3350P/P8B75-M LX/Kingston DDR3 8GB/GV-N960IXOC/SS-500ET/Seagate VS35.6/Transcend SSD370-128GB/Samsung BX2250 + Dell 1909W
ThinkPad X230 - i7-3520M + Kingston Savage SSD

"There is no reason anyone would want something like a computer in their home" (Ken Olsen)

Don't be afraid to use a private message (SZ) to draw attention to your topic ;)

Overview of desktop sockets and CPUs

Martab
Moderator / HW team member
Guru Level 14
Posts: 28576
Registered: March 11
Gender: Male

Re: please check my log

Post by Martab » 17 Jul 2017 08:19

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by admin (17-07-2017 08:15:33)
Running from C:\Users\admin\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-01-13 08:42:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3846505388-253851963-419263497-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3846505388-253851963-419263497-500 - Administrator - Disabled)
Guest (S-1-5-21-3846505388-253851963-419263497-501 - Limited - Disabled) => C:\Users\Guest
Jana (S-1-5-21-3846505388-253851963-419263497-1001 - Limited - Enabled) => C:\Users\Jana
Mojmír (S-1-5-21-3846505388-253851963-419263497-1002 - Limited - Enabled) => C:\Users\Mojmír
Peťa (S-1-5-21-3846505388-253851963-419263497-1003 - Limited - Enabled) => C:\Users\Peťa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0703.2235 - )
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
BoxCryptor 1.3.2.0 (HKLM\...\BoxCryptor) (Version: 1.3.2.0 - Secomba GmbH)
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - Canon Inc.)
ccc-core-static (HKLM\...\{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}) (Version: 2008.0703.2236.38526 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.24.15 - Logitech) Hidden
CodePad 4.1 (Remove only) (HKLM\...\CodePad) (Version: 4.1 - ShiCola)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.211 - Alps Electric)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: - )
GIMP 2.6.4 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript 8.63 (HKLM\...\GPL Ghostscript 8.63) (Version: - )
GSview 4.9 (HKLM\...\GSview 4.9) (Version: - )
Integrated Webcam Driver (1.03.02.0919) (HKLM\...\Creative OA001) (Version: - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
ITECIR (HKLM\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KhalInstallWrapper (HKLM\...\{3101CB58-3482-4D21-AF1A-7057FC935355}) (Version: 4.40.88 - Logitech) Hidden
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.4 - Logitech)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Moorhuhn Piraten - Demo (HKLM\...\{3A22B3BA-E751-4F37-8ACB-C34B81FFABAA}) (Version: 1.00.0000 - )
Moorhuhn X - XS (HKLM\...\{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}) (Version: - )
Mozilla Firefox 52.2.1 ESR (x86 cs) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 cs)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.1.6387 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyTV (HKLM\...\{E51FDEE5-FCDB-4EF0-8C0A-37D5C896DA45}) (Version: 2.0 - MyTV Manufacturer)
OLYMPUS Master 2 (HKLM\...\{9FA93155-472F-4778-87A8-95244FD1535D}) (Version: 1.0.11 - OLYMPUS IMAGING CORP.)
Panasonic DVC USB Driver (HKLM\...\{D1014B9B-5704-4B27-B581-1C19B72528D1}) (Version: 2.02.0000 - Panasonic) Hidden
Panasonic DVC USB Driver (HKLM\...\InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}) (Version: 2.02.0000 - Panasonic)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.8 - Dell Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
Samsung ML-1640 Series (HKLM\...\Samsung ML-1640 Series) (Version: - Samsung Electronics CO.,LTD)
Schatzjäger 3 - Demo (HKLM\...\{9023F57A-D8A5-4CB9-B554-966AF520AAA3}) (Version: 1.00.0000 - )
Skins (HKLM\...\{974BBAF1-048D-4230-2254-62FEA00B18E9}) (Version: 2008.0703.2236.38526 - ATI) Hidden
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TeamDrive (HKLM\...\TeamDrive) (Version: 4.0.5.1165 - TeamDrive Systems GmbH)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation)
TUGZip 3.5 (HKLM\...\TUGZip_is1) (Version: - Christian Kindahl)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WIDCOMM Bluetooth Software 6.2.0.6600 (HKLM\...\{E464702F-5433-46EC-8F65-159276C0A54F}) (Version: 6.2.0.6600 - Dell)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\ProgramyVista\Avast\ashShell.dll [2017-07-09] (AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\Windows\system32\SSCbFsMntNtf3.dll [2013-01-30] (EldoS Corporation)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\ProgramyVista\Avast\ashShell.dll [2017-07-09] (AVAST Software)
ContextMenuHandlers01: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers01: [teamdrive] -> {E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files\TeamDrive3\TeamDriveShellExt32.dll [2015-03-03] (TeamDrive Systems GmbH)
ContextMenuHandlers01: [TzShell] -> {B38FE8E9-5DFC-4D58-8459-1E3AC5165E34} => C:\ProgramyVista\TUGZip\TzShell.dll [2006-05-14] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\ProgramyVista\WinRAR\rarext.dll [2008-08-29] ()
ContextMenuHandlers02: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\ProgramyVista\Avast\ashShell.dll [2017-07-09] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [teamdrive] -> {E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files\TeamDrive3\TeamDriveShellExt32.dll [2015-03-03] (TeamDrive Systems GmbH)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\ProgramyVista\WinRAR\rarext.dll [2008-08-29] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2008-07-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [teamdrive] -> {E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files\TeamDrive3\TeamDriveShellExt32.dll [2015-03-03] (TeamDrive Systems GmbH)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\ProgramyVista\Avast\ashShell.dll [2017-07-09] (AVAST Software)
ContextMenuHandlers06: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [teamdrive] -> {E94EFFA3-DBD6-40EF-92FC-460FDEB3684A} => C:\Program Files\TeamDrive3\TeamDriveShellExt32.dll [2015-03-03] (TeamDrive Systems GmbH)
ContextMenuHandlers06: [TzShell] -> {B38FE8E9-5DFC-4D58-8459-1E3AC5165E34} => C:\ProgramyVista\TUGZip\TzShell.dll [2006-05-14] ()
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\ProgramyVista\WinRAR\rarext.dll [2008-08-29] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {137D5D05-67A5-4FDF-BFC1-B117C251447D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {1AA51023-E173-418E-B333-5421D7777315} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {2B1C66F3-CA89-4F74-AC58-92AF9B8DB0D0} - System32\Tasks\SafeZone scheduled Autoupdate 1449917712 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {7BAC49E5-AF7A-420E-A891-1D2AD9A8B1CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {969234A3-9079-4164-B8F2-540D3D507B2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {E0EA8C1F-57C1-46D9-858A-948F7733B053} - System32\Tasks\Avast Emergency Update => C:\ProgramyVista\Avast\AvEmUpdate.exe [2017-07-09] (AVAST Software)
Task: {FF352CBE-4ADB-4555-BE68-FB7E4185F34A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-02] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\User_Feed_Synchronization-{0ECF8B7B-7EC7-45D3-A35E-07302EEB80B3}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-09 15:24 - 2017-07-09 15:24 - 00170224 _____ () C:\ProgramyVista\Avast\JsonRpcServer.dll
2017-07-09 15:24 - 2017-07-09 15:24 - 00192664 _____ () C:\ProgramyVista\Avast\event_routing_rpc.dll
2017-07-09 15:24 - 2017-07-09 15:24 - 00224256 _____ () C:\ProgramyVista\Avast\tasks_core.dll
2017-07-15 17:53 - 2017-07-15 17:53 - 05781504 _____ () C:\ProgramyVista\Avast\defs\17071500\algo.dll
2017-07-09 15:24 - 2017-07-09 15:24 - 00689272 _____ () C:\ProgramyVista\Avast\ffl2.dll
2017-07-09 15:24 - 2017-07-09 15:24 - 00231664 _____ () C:\ProgramyVista\Avast\streamback.dll
2017-07-17 08:10 - 2017-07-17 08:10 - 05884160 _____ () C:\ProgramyVista\Avast\defs\17071702\algo.dll
2009-02-05 13:39 - 2009-11-05 09:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-04-11 13:24 - 2008-01-10 14:17 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2009-01-13 18:31 - 2008-08-26 08:25 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-06-08 14:20 - 2011-03-11 06:00 - 00598016 ____R () C:\Windows\6000RMT.exe
2015-04-02 15:35 - 2015-03-03 15:14 - 00018944 _____ () C:\Program Files\TeamDrive3\QtQuick.2\qtquick2plugin.dll
2015-04-02 15:35 - 2015-03-03 15:15 - 00018944 _____ () C:\Program Files\TeamDrive3\QtQuick\Window.2\windowplugin.dll
2015-04-02 15:35 - 2015-03-03 15:15 - 00789504 _____ () C:\Program Files\TeamDrive3\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-04-02 15:35 - 2015-03-03 15:14 - 00178688 _____ () C:\Program Files\TeamDrive3\QtQuick\Dialogs\dialogplugin.dll
2017-07-09 15:24 - 2017-07-09 15:24 - 01032744 _____ () C:\ProgramyVista\Avast\AvChrome.dll
2016-06-30 10:47 - 2016-06-30 10:47 - 48936448 _____ () C:\ProgramyVista\Avast\libcef.dll
2017-07-09 15:24 - 2017-07-09 15:24 - 00292920 _____ () C:\ProgramyVista\Avast\gaming_mode_ui.dll
2017-07-09 15:24 - 2017-07-09 15:29 - 02962096 _____ () C:\ProgramyVista\Avast\aswDataScan.dll
2009-01-16 19:29 - 2008-08-29 11:55 - 00132608 _____ () C:\ProgramyVista\WinRAR\rarext.dll
2009-01-16 19:29 - 2008-09-03 16:28 - 00319488 _____ () C:\ProgramyVista\WinRAR\rarlng.dll
2009-01-16 19:25 - 2006-05-14 14:03 - 00655360 _____ () C:\ProgramyVista\TUGZip\TzShell.dll
2009-01-16 19:25 - 2008-02-03 00:08 - 01722368 _____ () C:\ProgramyVista\TUGZip\Plugins\TzArchive10.tgp
2009-01-16 19:25 - 2007-03-13 00:34 - 00162304 _____ () C:\Windows\system32\ztvunrar36.dll
2009-01-16 19:25 - 2005-02-18 00:15 - 00077824 _____ () C:\ProgramyVista\TUGZip\Plugins\TzImage10.tgp

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\admin\Desktop\zoek.exe:xdg.origin.url [52]
AlternateDataStreams: C:\Users\admin\Desktop\zoek.exe:xdg.referrer.url [60]
AlternateDataStreams: C:\Users\Mojmír\Desktop\asunsoft-windows-password-geeker-professional.exe:xdg.origin.url [83]
AlternateDataStreams: C:\Users\Mojmír\Desktop\asunsoft-windows-password-geeker-professional.exe:xdg.referrer.url [52]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2017-07-16 09:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3846505388-253851963-419263497-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\dellwall2.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MyTV Schedule Agent.lnk => C:\Windows\pss\MyTV Schedule Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk => C:\Windows\pss\QuickSet.lnk.CommonStartup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{6FDA0598-1A1C-4134-925B-4B7A141CCFEA}] => (Allow) C:\Program Files\Dell\MediaDirect\PCMService.exe
FirewallRules: [{FD274F88-C68B-42FE-9A42-5805B1A5FD3A}] => (Allow) C:\ProgramyVista\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1290098C-430C-42BE-A0AC-70D6CA6FD7E8}C:\translat\webtrans.exe] => (Block) C:\translat\webtrans.exe
FirewallRules: [UDP Query User{D0B51BF2-282D-46D3-B726-D485F5F3DC5C}C:\translat\webtrans.exe] => (Block) C:\translat\webtrans.exe
FirewallRules: [TCP Query User{504B98C4-4E12-41C8-8837-CB180106D2E8}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{86865E69-A0A0-4728-BE55-1235F705A27A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{90F5BE66-6480-4388-A2B8-F762C3E0CFEC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{D9D3CAD3-9177-46A0-B483-80C2FBE12B75}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{CF44D97B-C0E1-4819-9FC1-E3FEFF9BD616}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{04B1319C-D49D-4A6F-B9AD-9382018C055E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BBA4BE71-CF51-40A2-AA2C-28D82D575969}C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe] => (Block) C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{6A0863FA-805A-4F08-94A2-25494A4014D2}C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe] => (Block) C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe
FirewallRules: [{FC6A598F-F38F-457D-B0F5-A4094EAF93E4}] => (Allow) LPort=80
FirewallRules: [{C77166CE-9702-46B8-B22D-68C4B45DDECE}] => (Allow) LPort=80
FirewallRules: [{24062233-ED9A-4616-A670-B3F9CB689520}] => (Allow) LPort=80
FirewallRules: [TCP Query User{27541413-539E-4A6E-B375-632E4A5B87A1}C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe] => (Block) C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{A2E77C2D-A621-40AF-8BFE-1ECB56410429}C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe] => (Block) C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe
FirewallRules: [TCP Query User{1326EBB6-F8D2-4162-A5BB-CB3CFA20CE7F}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{E4FA8695-CEEE-4858-9D5A-A71F29F29CDF}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{9E6467B8-F405-4295-92C2-2558BBF58BA1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DCCFF5B5-5614-466F-B119-EEDA07C525ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E714EE02-226A-4386-868E-818DEF47D060}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{44A20543-59C0-47D0-9710-19C7ED466C2E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{193039BD-32A3-4221-B777-17CF82DBFBD7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

14-07-2017 14:27:19 JRT Pre-Junkware Removal
14-07-2017 16:04:58 Installed Sophos Virus Removal Tool.
15-07-2017 10:30:10 zoek.exe restore point

==================== Faulty Device Manager Devices =============

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2017 09:20:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/16/2017 09:11:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\EQYAL6YQ.DEFAULT-1457256293431\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/16/2017 09:11:32 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\EQYAL6YQ.DEFAULT-1457256293431\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/16/2017 09:11:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCALLOW\MOZILLA\TEMP-{FC8953B5-5F1E-42CB-A6B5-CEC8AB5D8DB4}\HISTORY> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/16/2017 09:11:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCALLOW\MOZILLA\TEMP-{FC8953B5-5F1E-42CB-A6B5-CEC8AB5D8DB4}\COOKIES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/16/2017 09:11:31 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\EQYAL6YQ.DEFAULT-1457256293431\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/15/2017 08:04:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/15/2017 07:41:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCALLOW\MOZILLA\TEMP-{FC8953B5-5F1E-42CB-A6B5-CEC8AB5D8DB4}\HISTORY> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/15/2017 07:41:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCALLOW\MOZILLA\TEMP-{FC8953B5-5F1E-42CB-A6B5-CEC8AB5D8DB4}\COOKIES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/15/2017 07:41:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\ADMIN\APPDATA\LOCALLOW\MOZILLA\TEMP-{FC8953B5-5F1E-42CB-A6B5-CEC8AB5D8DB4}\TEMPORARY INTERNET FILES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (07/16/2017 09:20:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the device specified.

Error: (07/16/2017 09:19:25 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/16/2017 09:15:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/16/2017 09:09:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/16/2017 09:09:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/16/2017 09:09:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/16/2017 09:09:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/16/2017 09:09:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/16/2017 09:09:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Error: (07/16/2017 09:08:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================
Date: 2017-07-17 08:15:28.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:28.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:27.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:27.212
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:26.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:26.105
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:25.590
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:25.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:02.424
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 08:15:01.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 59%
Total physical RAM: 3035.98 MB
Available physical RAM: 1225.51 MB
Total Virtual: 6272.96 MB
Available Virtual: 4540.63 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:170.7 GB) (Free:64.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.33 GB) NTFS
Drive z: (BoxCryptor) (Fixed) (Total:170.7 GB) (Free:64.96 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=173 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=170.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=117.2 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================
i5-3350P/P8B75-M LX/Kingston DDR3 8GB/GV-N960IXOC/SS-500ET/Seagate VS35.6/Transcend SSD370-128GB/Samsung BX2250 + Dell 1909W
ThinkPad X230 - i7-3520M + Kingston Savage SSD

"There is no reason anyone would want a computer in their home" (Ken Olsen)

Don't hesitate to send me a PM to point me to your topic ;)

Overview of desktop sockets and CPUs
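The FirewallRules section of the Addition.txt above is worth a second look before anything is fixed: several rules are "Query User" rules (the ones Windows creates when the user answers the "Windows Firewall has blocked some features" prompt), and here they block Firefox, plugin-container.exe and TeamViewer while other rules allow Firefox, and three Allow rules open local port 80 to no particular program. The script below is an added example, not part of the thread or of FRST: it parses those lines (the sample input is copied from the log above; the "TCP Query User..." naming is as FRST printed it) and reports ports allowed without a program, programs blocked at the prompt, and programs that carry both an Allow and a Block rule. Windows Firewall applies explicit Block rules ahead of Allow rules, so the last group is effectively blocked regardless of the Allow entries.

```python
"""Triage the FirewallRules section of an FRST Addition.txt.

Added example, not part of the thread or of FRST itself. The sample lines are
copied from the log posted above; the rule-name convention ("TCP Query User"
prefix for rules created from the Windows Firewall prompt) is as printed by FRST.
"""
import ntpath
import re
from collections import defaultdict

# Sample input: FirewallRules lines copied from the Addition.txt above (subset).
SAMPLE_RULES = r"""
FirewallRules: [TCP Query User{CF44D97B-C0E1-4819-9FC1-E3FEFF9BD616}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{04B1319C-D49D-4A6F-B9AD-9382018C055E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BBA4BE71-CF51-40A2-AA2C-28D82D575969}C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe] => (Block) C:\programyvista\teamviewerportable\app\teamviewer\teamviewer.exe
FirewallRules: [{FC6A598F-F38F-457D-B0F5-A4094EAF93E4}] => (Allow) LPort=80
FirewallRules: [{C77166CE-9702-46B8-B22D-68C4B45DDECE}] => (Allow) LPort=80
FirewallRules: [{24062233-ED9A-4616-A670-B3F9CB689520}] => (Allow) LPort=80
FirewallRules: [TCP Query User{1326EBB6-F8D2-4162-A5BB-CB3CFA20CE7F}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{9E6467B8-F405-4295-92C2-2558BBF58BA1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DCCFF5B5-5614-466F-B119-EEDA07C525ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
"""

RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+?)\s*$"
)
PORT_RE = re.compile(r"^LPort=(?P<port>\d+)$")


def parse_rules(text):
    """Return one dict per FirewallRules line: name, action, program or port, protocol."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        name, action, target = m.group("name", "action", "target")
        port = PORT_RE.match(target)
        rules.append({
            "name": name,
            "action": action,
            # Rules created from the firewall prompt are named "<proto> Query User{guid}<path>".
            "protocol": name[:3] if name.startswith(("TCP ", "UDP ")) else None,
            "user_prompted": " Query User" in name,
            "port": int(port.group("port")) if port else None,
            # ntpath handles the Windows path separators even when run on Linux.
            "program": None if port else ntpath.basename(target).lower(),
        })
    return rules


def open_ports_without_program(rules):
    """Allow rules bound to a local port but to no executable: the port is open to any process."""
    return sorted({r["port"] for r in rules if r["action"] == "Allow" and r["port"] is not None})


def actions_by_program(rules):
    """Map program basename -> set of actions that apply to it."""
    actions = defaultdict(set)
    for r in rules:
        if r["program"]:
            actions[r["program"]].add(r["action"])
    return dict(actions)


def conflicting_programs(rules):
    """Programs that carry both an Allow and a Block rule; the Block wins in Windows Firewall."""
    return sorted(p for p, acts in actions_by_program(rules).items() if acts == {"Allow", "Block"})


def user_blocked_programs(rules):
    """Programs the user chose to Block at the firewall prompt ('... Query User ...' rules)."""
    return sorted({r["program"] for r in rules if r["user_prompted"] and r["action"] == "Block"})


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print("rules parsed:", len(rules))
    print("ports allowed for any program:", open_ports_without_program(rules))
    print("blocked at the user prompt:", user_blocked_programs(rules))
    print("programs with both Allow and Block rules:", conflicting_programs(rules))
```

Run it against the full FirewallRules section of any FRST Addition.txt; the three checks are the ones a helper usually eyeballs (port-only Allow rules, prompt-created Block rules, and Allow/Block conflicts), and nothing in the output decides by itself whether a rule is malicious.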

Re: please check my log

Post by jaro3 » 17 Jul 2017 10:12

AV: Malwarebytes -- disable its resident protection permanently

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.
Code: Select all

Start
CloseProcesses:
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2007-11-29] (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files\TeamDrive3\TeamDrive3.exe (TeamDrive Systems GmbH)
GroupPolicyUsers\S-1-5-21-3846505388-253851963-419263497-1002\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> FC834A29A94A442EABA0A7CC5EE3BFA2 URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2017-07-15] [not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-26] (Lavasoft AB)
C:\Windows\System32\DRIVERS\Lbd.sys
C:\Windows\NIRCMD.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
C:\Qoobox
C:\Windows\erdnt
C:\Users\admin\Downloads\ComboFix.exe
C:\Users\admin\AppData\Roaming\teamdrive-shell-extension.log
C:\Users\admin\AppData\Local\d3d9caps.dat
C:\ProgramData\ezsidmv.dat
ContextMenuHandlers01: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers02: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers06: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
Task: {137D5D05-67A5-4FDF-BFC1-B117C251447D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {969234A3-9079-4164-B8F2-540D3D507B2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

EmptyTemp:
End

(You can use the "select all" function: right-click the top-left field of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

C:\ProgramData\WindowsSearch -- have a look at what is in that folder
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Martab, Moderator / HW team member, posts: 28576, registered March 11

Re: please check my log

Post by Martab » 17 Jul 2017 12:04

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017
Ran by admin (17-07-2017 11:58:01) Run:1
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin & Jana & Mojmír & Peťa & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2007-11-29] (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
ShortcutTarget: TeamDrive starten.lnk -> C:\Program Files\TeamDrive3\TeamDrive3.exe (TeamDrive Systems GmbH)
GroupPolicyUsers\S-1-5-21-3846505388-253851963-419263497-1002\User: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL =
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> FC834A29A94A442EABA0A7CC5EE3BFA2 URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3846505388-253851963-419263497-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2017-07-15] [not signed]
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-26] (Lavasoft AB)
C:\Windows\System32\DRIVERS\Lbd.sys
C:\Windows\NIRCMD.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
C:\Qoobox
C:\Windows\erdnt
C:\Users\admin\Downloads\ComboFix.exe
C:\Users\admin\AppData\Roaming\teamdrive-shell-extension.log
C:\Users\admin\AppData\Local\d3d9caps.dat
C:\ProgramData\ezsidmv.dat
ContextMenuHandlers01: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers02: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers06: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
Task: {137D5D05-67A5-4FDF-BFC1-B117C251447D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {969234A3-9079-4164-B8F2-540D3D507B2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Kernel and Hardware Abstraction Layer => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
C:\Program Files\TeamDrive3\TeamDrive3.exe => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3846505388-253851963-419263497-1002\User => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3846505388-253851963-419263497-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-3846505388-253851963-419263497-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\FC834A29A94A442EABA0A7CC5EE3BFA2 => key removed successfully.
HKLM\Software\Classes\CLSID\FC834A29A94A442EABA0A7CC5EE3BFA2 => key not found.
HKU\S-1-5-21-3846505388-253851963-419263497-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} => moved successfully
Lbd => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Lbd => key removed successfully.
Lbd => service removed successfully.
C:\Windows\System32\DRIVERS\Lbd.sys => moved successfully
C:\Windows\NIRCMD.exe => moved successfully
C:\Windows\SWREG.exe => moved successfully
C:\Windows\SWSC.exe => moved successfully
C:\Windows\sed.exe => moved successfully
C:\Windows\grep.exe => moved successfully
C:\Windows\zip.exe => moved successfully
C:\Qoobox => moved successfully
C:\Windows\erdnt => moved successfully
C:\Users\admin\Downloads\ComboFix.exe => moved successfully
C:\Users\admin\AppData\Roaming\teamdrive-shell-extension.log => moved successfully
C:\Users\admin\AppData\Local\d3d9caps.dat => moved successfully
C:\ProgramData\ezsidmv.dat => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt => key removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt => key removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt => key removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{137D5D05-67A5-4FDF-BFC1-B117C251447D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{137D5D05-67A5-4FDF-BFC1-B117C251447D} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{969234A3-9079-4164-B8F2-540D3D507B2D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{969234A3-9079-4164-B8F2-540D3D507B2D} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4839851 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 323727 B
Edge => 0 B
Chrome => 0 B
Firefox => 11737482 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 49569 B
Public => 0 B
ProgramData => 0 B
systemprofile => 818 B
LocalService => 33125 B
NetworkService => 33125 B
admin => 161996 B
Jana => 1363941 B
Mojmír => 1448293 B
Peťa => 168681 B
Guest => 259955 B

RecycleBin => 0 B
EmptyTemp: => 27.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:58:36 ====
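The Fixlog above is what the helper asked for after the fixlist: the point of reading it back is to confirm that every entry produced a success line and that anything FRST could not act on is spotted. The script below is an added example, not part of the thread or of FRST: it splits each "target => result" line, maps the result wording that FRST printed in this log ("value removed successfully", "moved successfully", "key not found", and so on) to an outcome, counts them, lists the "key not found" entries (FRST checked a CLSID referenced by a removed handler and it was already absent, which is harmless but should be seen, not assumed) and sends any wording it does not recognise to a review list instead of guessing. The sample input is a subset of the Fixlog posted above.

```python
"""Summarise the result lines of an FRST Fixlog.txt.

Added example, not part of the thread or of FRST. The sample below is a subset of
the Fixlog posted above; the outcome wording matched here is the wording FRST
printed in that log, and anything else is reported for manual review, not guessed at.
"""
import re
from collections import Counter

# Sample input: result lines copied from the Fixlog above (subset).
SAMPLE_FIXLOG = r"""Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Kernel and Hardware Abstraction Layer => value removed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
C:\Program Files\TeamDrive3\TeamDrive3.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Classes\CLSID\FC834A29A94A442EABA0A7CC5EE3BFA2 => key not found.
Lbd => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Lbd => key removed successfully.
Lbd => service removed successfully.
C:\Windows\System32\DRIVERS\Lbd.sys => moved successfully
C:\Users\admin\Downloads\ComboFix.exe => moved successfully
EmptyTemp: => 27.5 MB temporary data Removed.
The system needed a reboot.
"""

# Outcome label -> pattern, checked in order; "removed" is tested before "moved"
# so that "value removed successfully" is never read as a file move.
OUTCOMES = [
    ("removed", re.compile(r"\b(?:key|value|service) removed successfully", re.I)),
    ("moved", re.compile(r"^moved successfully", re.I)),
    ("restored", re.compile(r"\bvalue restored successfully", re.I)),
    ("stopped", re.compile(r"\bservice stopped successfully", re.I)),
    ("not_found", re.compile(r"\b(?:key|value) not found", re.I)),
    ("emptytemp", re.compile(r"temporary data removed", re.I)),
]


def classify(result):
    """Map the text after ' => ' to an outcome label; unknown wording -> 'review'."""
    for label, pattern in OUTCOMES:
        if pattern.search(result):
            return label
    return "review"


def parse_fixlog(text):
    """Return (target, result, outcome) for every 'target => result' line."""
    rows = []
    for line in text.splitlines():
        if " => " not in line:
            continue
        # rsplit: the result is always the last segment, even if a target contains ' => '.
        target, result = line.rsplit(" => ", 1)
        rows.append((target.strip(), result.strip(), classify(result.strip())))
    return rows


def summarize(text):
    """Counts per outcome, the entries that need a look, and whether a reboot was requested."""
    rows = parse_fixlog(text)
    counts = Counter(outcome for _, _, outcome in rows)
    return {
        "counts": dict(counts),
        # Already-absent keys FRST looked for after removing an entry that referenced them.
        "not_found": [t for t, _, o in rows if o == "not_found"],
        # Any wording not in OUTCOMES, e.g. a file FRST could not move; read these by hand.
        "review": [(t, r) for t, r, o in rows if o == "review"],
        "reboot_required": "The system needed a reboot." in text,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A non-empty "review" list is the thing to act on: it means FRST printed a result this script has no success pattern for, so that entry is read from the Fixlog directly rather than taken as done.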

