Log check (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male

Re: Log check

Post by Jaros » 20 Jul 2017 00:59




jaro3
Security team member
Guru Level 15
Posts: 37140
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 20 Jul 2017 09:54

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

and save the file to your desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7 and 8 you must run the file with the right mouse button -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools – Purge System Restore
Then click the Run button and let the tool do its work.

Afterwards a report opens (DelFix.txt). Paste the whole content of the report here. Otherwise the report is at:
C:\DelFix.txt

Any problems?
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Log check

Post by Jaros » 20 Jul 2017 20:07

# DelFix v1.013 - Logfile created 20/07/2017 at 19:59:36
# Updated 17/04/2016 by Xplode
# Username : Pavel_2 - PAVEL-PC
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\32788R22FWJFW
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Pavel_2\Desktop\adwcleaner_6.047.exe
Deleted : C:\Users\Pavel_2\Desktop\JRT.exe
Deleted : C:\Users\Pavel_2\Desktop\JRT.txt
Deleted : C:\Users\Pavel_2\Desktop\log mbam.txt
Deleted : C:\Users\Pavel_2\Desktop\MBR.dat
Deleted : C:\Users\Pavel_2\Desktop\zoek.exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\Pavel_2\Downloads\HijackThis.exe
Deleted : C:\Users\Pavel_2\Downloads\hijackthis.log
Deleted : C:\Users\Pavel_2\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #1783 [JRT Pre-Junkware Removal | 07/14/2017 15:48:51]
Deleted : RP #1784 [Installed Sophos Virus Removal Tool. | 07/14/2017 16:06:31]
Deleted : RP #1785 [Installed Sophos Virus Removal Tool. | 07/14/2017 16:19:07]
Deleted : RP #1786 [zoek.exe restore point | 07/18/2017 02:45:37]

New restore point created !

########## - EOF - ##########

It looks like it might be OK.


Re: Log check

Post by jaro3 » 20 Jul 2017 22:17

If there are no problems, that's all and you can mark it solved, the green tick.


Re: Log check

Post by Jaros » 21 Jul 2017 07:32

When opening pages in the MF browser this started popping up: This connection is not trusted, and then a secure connection error (info about an invalid security certificate).


Re: Log check

Post by jaro3 » 21 Jul 2017 09:42

Please download the version of Farbar Recovery Scan Tool (FRST) for your system, 32-bit/64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click „Scan“. When the scan is complete, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.
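As an added example (not part of the thread and not FRST's own code), a small triage pass over the FRST.txt output the post asks for: it assumes FRST's usual line layout (`==== Section ====` headings, `R2 name; path [size date] (publisher) [File not signed]` service and driver lines, `<==== ATTENTION` markers) and runs on a constructed sample, not on a log from this thread.

```python
"""Triage pass over FRST.txt-style output: group lines by section and flag
the entries a log reviewer looks at first (FRST's own "<==== ATTENTION"
marker, unsigned files, dangling [No File] references, empty publisher)."""
import re
from typing import Dict, List, Optional

# Constructed sample in FRST's line layout; service names and paths are made up.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ====================

HKLM\...\Run: [Example] => C:\Program Files\Example\example.exe [12345 2017-07-01] (Example Corp.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

==================== Services (Whitelisted) ====================

R2 GoodSvc; C:\Windows\System32\goodsvc.exe [100 2017-01-01] (Microsoft Corporation)
R2 OddSvc; C:\Program Files\Odd\oddsvc.exe [200 2017-01-01] () [File not signed]
S3 IdleSvc; C:\Program Files\Idle\idlesvc.exe [300 2017-01-01] (Idle Ltd) [File not signed]

FireFox:
========
FF Extension: (No Name) - C:\Users\x\Extensions\addon@example.test [2017-07-19] [not signed]
FF Plugin: @real.com/nppl3260 -> C:\Program Files\Old\nppl3260.dll [No File]
"""

HEADER_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")   # "==== Services (Whitelisted) ===="
SUBHEADER_RE = re.compile(r"^(?P<name>[A-Za-z ]+):$")  # "FireFox:" followed by a "====" rule
RULE_RE = re.compile(r"^=+$")
# Service/driver line: "<state><start> <name>; <path> [<size> <date>] (<publisher>) [flags]"
# The state letter is FRST's run state (R = running, S = stopped).
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s+\((?P<publisher>.*?)\)(?P<tail>\s*(?:\[.*\])?)$"
)

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the FRST heading they appear below."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or RULE_RE.match(line):
            continue
        m = HEADER_RE.match(line) or SUBHEADER_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if line.startswith("(If an "):
            continue  # FRST's explanatory note printed under each heading
        sections.setdefault(current, []).append(line)
    return sections

def parse_service_line(line: str) -> Optional[dict]:
    """Split a service/driver line into fields; None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["running"] = fields["state"] == "R"
    # Lazy publisher match keeps nested parentheses, e.g. "(Intel(R) Corporation)".
    fields["signed"] = "[File not signed]" not in fields["tail"]
    return fields

def triage(text: str) -> List[dict]:
    """Return the lines worth a second look, each with the reasons it was flagged."""
    findings: List[dict] = []
    for section, lines in split_sections(text).items():
        for line in lines:
            reasons: List[str] = []
            if "<==== ATTENTION" in line:
                reasons.append("frst-attention")      # FRST's own marker
            if "[File not signed]" in line or "[not signed]" in line:
                reasons.append("unsigned")
            if "[No File]" in line:
                reasons.append("missing-file")        # still registered, file is gone
            svc = parse_service_line(line)
            if svc and not svc["publisher"]:
                reasons.append("no-publisher")        # empty "()" field
            if svc and svc["running"] and "unsigned" in reasons:
                reasons.append("running-unsigned")    # loaded now, not just registered
            if reasons:
                findings.append({"section": section, "line": line, "reasons": reasons})
    return findings

def summary(findings: List[dict]) -> Dict[str, int]:
    """Count how often each reason occurs across the findings."""
    counts: Dict[str, int] = {}
    for f in findings:
        for r in f["reasons"]:
            counts[r] = counts.get(r, 0) + 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f['section']:<24} {','.join(f['reasons']):<34} {f['line'][:60]}")
    print(summary(triage(SAMPLE_FRST)))
```

A flagged line is a starting point for a reviewer, not a verdict: unsigned vendor services are common on older OEM installs, so each hit still needs the usual publisher and path check.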


Re: Log check

Post by Jaros » 22 Jul 2017 10:12

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2017
Ran by Pavel_2 (administrator) on PAVEL-PC (22-07-2017 10:07:48)
Running from C:\Users\Pavel_2\Desktop
Loaded Profiles: Pavel_2 (Available Profiles: Pavel & Pavel_2)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\PLFSetI.exe
() C:\ACER\Mobility Center\MobilityService.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Realtek Semiconductor Corp.) C:\Users\Pavel_2\AppData\Local\temp\RtkBtMnt.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AVAST Software s.r.o.) C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Apple Computer, Inc.) C:\Windows\System32\qttask.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Acer Inc.) C:\Program Files\Acer\Acer VCM\acp2HID.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-07-18] (Acer Corp.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [173352 2009-03-18] (CyberLink)
HKLM\...\Run: [QuickTime Task] => C:\Windows\system32\qttask.exe [98304 2013-01-13] (Apple Computer, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvLaunch.exe [213832 2017-07-20] (AVAST Software)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-25] (UPEK Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\Run: [Skype] => C:\Program Files\Skype\\Phone\Skype.exe [25623336 2009-10-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7658200 2017-06-30] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2009-04-01]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2009-04-26]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Pavel_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk [2009-06-22]
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{26A2367F-A0CA-4B98-A3D3-FB4FD7F65EF9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{53ADFF44-7CED-4415-973C-870525686BCA}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.cz/
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> DefaultScope {5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> {5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2017-07-06] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2009-10-09] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Pavel_2\AppData\Roaming\TomTom\HOME\Profiles\f91lty05.default [2017-07-18]
FF NewTab: TomTom\HOME\Profiles\f91lty05.default -> about:newtab
FF Homepage: TomTom\HOME\Profiles\f91lty05.default -> about:home
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-02-08] [not signed]
FF ProfilePath: C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default [2017-07-22]
FF NewTab: Mozilla\Firefox\Profiles\n8xkgxkm.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\n8xkgxkm.default -> seznam.cz
FF Extension: (No Name) - C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\Extensions\dealio@mybrowserbar.com [2017-07-19] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-09-12] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-03-22] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2012-09-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml [2013-04-18]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml [2013-04-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll [No File]
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2689332252-1931905943-1140053980-1001: @kb-ext.cz/PKIComponent -> C:\Users\Pavel_2\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-12-06] (Komerční banka, a.s.)
FF Plugin HKU\S-1-5-21-2689332252-1931905943-1140053980-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pavel_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2013-04-18] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2013-04-18]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2013-04-18]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2013-04-18]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2013-04-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-11] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\Alwil Software\Avast5\aswidsagent.exe [5815840 2017-07-20] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [263312 2017-07-20] (AVAST Software)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267008 2017-07-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-07-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-07-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-07-20] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42824 2017-07-06] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39752 2017-07-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [123928 2017-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70088 2017-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70840 2017-07-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774288 2017-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [496976 2017-07-06] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202688 2017-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296312 2017-07-06] (AVAST Software)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] () [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47104 2008-05-19] (Atheros Communications, Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-11-26] (Samsung Electronics) [File not signed]
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-22 10:07 - 2017-07-22 10:08 - 00020270 _____ C:\Users\Pavel_2\Desktop\FRST.txt
2017-07-22 10:07 - 2017-07-22 10:07 - 00000000 ____D C:\FRST
2017-07-22 00:44 - 2017-07-22 00:44 - 353353400 _____ C:\Windows\MEMORY.DMP
2017-07-22 00:44 - 2017-07-22 00:44 - 00143608 _____ C:\Windows\Minidump\Mini072217-01.dmp
2017-07-22 00:41 - 2017-07-22 10:01 - 01778176 _____ (Farbar) C:\Users\Pavel_2\Desktop\FRST.exe
2017-07-22 00:41 - 2017-07-22 00:41 - 00112086 _____ C:\Users\Pavel_2\Desktop\FRST.exe.part
2017-07-22 00:32 - 2017-07-22 00:32 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-20 22:16 - 2017-07-20 22:16 - 00002070 _____ C:\Users\Pavel_2\Desktop\-.esetstatic.com
2017-07-20 22:09 - 2017-07-20 22:10 - 44861280 _____ (Mozilla) C:\Users\Pavel_2\Desktop\Firefox_Setup_54.0.exe
2017-07-20 20:15 - 2017-07-20 20:15 - 00303280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-20 19:59 - 2017-07-20 20:01 - 00001334 _____ C:\DelFix.txt
2017-07-20 00:37 - 2017-07-20 00:37 - 00000000 ____D C:\Users\Pavel_2\Downloads\backups
2017-07-19 00:54 - 2017-07-20 22:18 - 00000000 ____D C:\Users\Pavel_2\AppData\Local\CrashDumps
2017-07-19 00:25 - 2017-07-19 00:25 - 00000000 ____D C:\Users\Pavel_2\AppData\Local\Adobe
2017-07-18 07:13 - 2017-07-20 19:24 - 00000000 ____D C:\Windows\erdnt
2017-07-18 06:14 - 2017-07-18 04:43 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-18 04:43 - 2017-07-20 20:00 - 00000000 ____D C:\zoek_backup
2017-07-14 22:51 - 2017-07-17 22:06 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-07-14 22:50 - 2017-07-15 08:44 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-14 22:49 - 2017-07-14 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-14 22:49 - 2017-07-14 22:49 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-14 18:22 - 2017-07-14 18:22 - 00000000 ____D C:\ProgramData\Sophos
2017-07-14 18:21 - 2017-07-14 18:21 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-14 18:21 - 2017-07-14 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-14 18:21 - 2017-07-14 18:21 - 00000000 ____D C:\Program Files\Sophos
2017-07-14 17:41 - 2017-07-14 17:43 - 171330904 _____ (Sophos Limited) C:\Users\Pavel_2\Desktop\Sophos Virus Removal Tool.exe
2017-07-14 10:16 - 2017-07-14 10:16 - 00000000 ____D C:\Users\Pavel_2\AppData\Local\CEF
2017-07-14 10:15 - 2017-07-20 20:00 - 00000000 ____D C:\AdwCleaner
2017-07-14 09:50 - 2017-07-14 09:50 - 00002256 _____ C:\Users\Pavel_2\Desktop\ssl391375.cloudflaressl.com
2017-07-14 09:48 - 2017-07-14 09:48 - 00050688 _____ (Atribune.org) C:\Users\Pavel_2\Downloads\ATF-Cleaner.exe
2017-07-14 09:47 - 2017-07-14 09:47 - 00038137 _____ C:\Users\Pavel_2\Desktop\atf_cleaner.html
2017-07-14 08:08 - 2017-07-14 08:08 - 00001834 _____ C:\Users\Pavel_2\Documents\-.i0.cz.crt
2017-07-14 07:29 - 2017-07-14 07:29 - 00000000 ____D C:\Users\Pavel_2\AppData\Roaming\Hard Disk Sentinel
2017-07-14 07:28 - 2017-07-14 07:33 - 00000000 ____D C:\Program Files\Hard Disk Sentinel
2017-07-14 06:36 - 2017-07-14 08:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-14 06:35 - 2017-07-14 06:35 - 00000863 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-07-14 06:35 - 2017-07-14 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-07-14 06:35 - 2017-07-14 06:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-14 06:35 - 2017-07-14 06:35 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-07-14 06:35 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-14 06:35 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-07-14 06:35 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2017-07-14 06:34 - 2017-07-14 06:35 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Pavel_2\Downloads\mbam-setup-2.1.4.1018.exe
2017-07-14 01:20 - 2017-07-09 10:36 - 06753408 _____ (ESET spol. s r.o.) C:\Users\Pavel_2\Desktop\esetonlinescanner_csy.exe
2017-07-13 20:31 - 2017-07-13 20:31 - 00000768 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-13 20:31 - 2017-07-13 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-13 20:31 - 2017-07-13 20:31 - 00000000 ____D C:\Program Files\CCleaner
2017-07-13 20:30 - 2017-07-13 20:30 - 09747512 _____ (Piriform Ltd) C:\Users\Pavel_2\Downloads\ccsetup532 (1).exe
2017-07-13 20:23 - 2017-07-13 20:29 - 07349520 _____ C:\Users\Pavel_2\Downloads\listicka-partner-28314-1.1.18-offline.exe
2017-07-13 20:22 - 2017-07-13 20:22 - 00000000 ____D C:\Users\Pavel_2\AppData\Roaming\Acer
2017-07-01 01:24 - 2017-07-01 04:13 - 1576124464 _____ C:\Users\Pavel_2\Downloads\Sirotcinec-slecny-Peregrinove-pro-podivne-deti-2016-CZ-Dabing.avi
2017-06-30 17:27 - 2017-06-30 18:29 - 21854649 _____ C:\Users\Pavel_2\Downloads\Sirotcinec-slecny-Peregrinove-pro-podivne-deti-2016-CZ-Dabing.avi.5hvdddr.partial
2017-06-23 22:52 - 2017-06-23 22:52 - 00000000 ____D C:\Users\Pavel\AppData\Roaming\Seznam Browser
2017-06-22 17:00 - 2017-06-22 18:35 - 840521614 _____ C:\Users\Pavel_2\Downloads\Dítě-Bridget-Jonesové-(Bridget-Jones's-Baby)-2016_CZ-dabing.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-22 10:07 - 2009-04-01 20:24 - 00112457 _____ C:\ProgramData\nvModes.001
2017-07-22 10:04 - 2009-04-01 18:59 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
2017-07-22 10:03 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-22 10:03 - 2006-11-02 14:47 - 00003216 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-22 10:03 - 2006-11-02 14:47 - 00003216 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-22 00:59 - 2009-08-29 17:20 - 00000012 _____ C:\Windows\bthservsdp.dat
2017-07-22 00:59 - 2006-11-02 15:01 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 00:44 - 2009-05-27 23:06 - 00000000 ____D C:\Windows\Minidump
2017-07-20 22:22 - 2008-08-06 10:10 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-20 20:16 - 2009-04-23 23:27 - 00123928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-20 20:14 - 2017-03-17 21:11 - 00276736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-07-20 20:14 - 2017-03-17 21:11 - 00267008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-07-20 20:14 - 2017-03-17 21:11 - 00157416 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-07-20 20:14 - 2017-03-17 21:11 - 00050384 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-07-20 20:03 - 2016-08-03 15:09 - 00000000 _____ C:\Windows\system32\last.dump
2017-07-20 19:55 - 2009-05-30 23:53 - 00105312 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2017-07-20 19:52 - 2006-11-02 14:47 - 00384896 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-20 19:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2017-07-19 01:01 - 2006-11-02 12:23 - 00009415 _____ C:\Windows\system.ini
2017-07-19 00:51 - 2013-10-07 21:48 - 00000000 ____D C:\Program Files\Common Files\Java
2017-07-19 00:50 - 2016-11-13 12:38 - 00000000 ____D C:\Program Files\WinRAR
2017-07-18 05:53 - 2009-08-23 17:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-14 10:33 - 2008-01-21 08:47 - 01550958 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-14 10:33 - 2008-01-21 08:46 - 00658498 _____ C:\Windows\system32\perfh005.dat
2017-07-14 10:33 - 2008-01-21 08:46 - 00142552 _____ C:\Windows\system32\perfc005.dat
2017-07-13 20:45 - 2012-10-01 21:53 - 00000000 ____D C:\Program Files\McAfee
2017-07-13 20:45 - 2008-08-06 09:39 - 00000000 ____D C:\ProgramData\McAfee
2017-07-13 20:42 - 2009-05-30 23:53 - 00000000 ____D C:\Users\Pavel_2\AppData\Local\Google
2017-07-13 20:42 - 2009-04-01 18:43 - 00000000 ____D C:\Program Files\Google
2017-07-13 20:37 - 2008-08-11 10:54 - 00000000 ____D C:\Windows\Panther
2017-07-11 21:26 - 2012-08-07 21:13 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-07-11 21:26 - 2011-05-17 20:46 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-07-06 20:18 - 2013-04-01 14:42 - 00296312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-06 20:17 - 2016-06-28 23:53 - 00202688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-07-06 20:17 - 2014-06-25 23:13 - 00042824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-06 20:17 - 2014-06-25 23:11 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-06 20:17 - 2013-04-01 14:42 - 00070840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-06 20:17 - 2009-04-23 23:27 - 00496976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-06 20:17 - 2009-04-23 23:27 - 00070088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-07-06 20:16 - 2016-06-28 23:52 - 00039752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-06 20:16 - 2011-07-31 20:22 - 00774288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-03 12:31 - 2015-02-05 22:00 - 00000000 ____D C:\Users\Pavel_2\Documents\Scan
2017-07-02 17:16 - 2013-10-14 22:19 - 00000000 ____D C:\Users\Pavel_2\Documents\O2
2017-07-02 16:34 - 2009-06-01 21:56 - 00073728 _____ C:\Users\Pavel_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-02 13:05 - 2013-07-29 15:20 - 00000000 ____D C:\Users\Pavel_2\Documents\Výpisy z účtu
2017-07-01 22:47 - 2009-04-01 20:14 - 00112457 _____ C:\ProgramData\nvModes.dat
2017-07-01 10:56 - 2010-02-11 11:46 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI

==================== Files in the root of some directories =======

2017-06-19 21:09 - 2017-06-19 21:09 - 0000000 _____ () C:\Users\Pavel_2\AppData\Roaming\wklnhst.dat
2009-06-01 21:56 - 2017-07-02 16:34 - 0073728 _____ () C:\Users\Pavel_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-04-01 19:21 - 2012-11-08 21:28 - 0003540 _____ () C:\ProgramData\ArcadeDeluxe2.log
2009-05-04 11:45 - 2009-05-04 11:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-04-01 20:24 - 2017-07-22 10:07 - 0112457 _____ () C:\ProgramData\nvModes.001
2009-04-01 20:14 - 2017-07-01 22:47 - 0112457 _____ () C:\ProgramData\nvModes.dat
2010-02-11 12:29 - 2013-03-24 13:18 - 0000024 _____ () C:\ProgramData\__FileUploader.log

Files to move or delete:
====================
C:\Users\Pavel\instmsia.exe
C:\Users\Pavel\instmsiw.exe
C:\Users\Pavel\setup.exe


Some files in TEMP:
====================
2017-07-20 00:26 - 2017-07-20 00:26 - 0204800 _____ (Realtek Semiconductor Corp.) C:\Users\Pavel_2\AppData\Local\temp\RtkBtMnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-22 10:09

==================== End of FRST.txt ============================

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male

Re: Log check

Post by Jaros » 22 Jul 2017 10:13

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by Pavel_2 (22-07-2017 10:09:24)
Running from C:\Users\Pavel_2\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2009-04-20 22:32:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2689332252-1931905943-1140053980-500 - Administrator - Disabled)
Guest (S-1-5-21-2689332252-1931905943-1140053980-501 - Limited - Disabled)
Pavel (S-1-5-21-2689332252-1931905943-1140053980-1000 - Administrator - Enabled) => C:\Users\Pavel
Pavel_2 (S-1-5-21-2689332252-1931905943-1140053980-1001 - Administrator - Enabled) => C:\Users\Pavel_2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
FormatFactory 3.5.0.0 (HKLM\...\FormatFactory) (Version: 3.5.0.0 - Format Factory)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer 97 (HKLM\...\PPTView97) (Version: - )
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Pinnacle Studio 15 (HKLM\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
RogueKiller version 12.11.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.5.0 - Adlice Software)
Sada Compatibility Pack pro systém Office 2007 (HKLM\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.92 (14.3.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.29.02(19.6.2014) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM\...\Samsung M2070 Series) (Version: 1.16 (18.8.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM\...\Samsung Scan Process Machine) (Version: 1.02.07.02 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Název společnosti:)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zobrazit uživatelskou příručku (HKLM\...\View User Guide) (Version: 3.60.43.0 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Users\Pavel_2\AppData\Roaming\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-05-14] (Egis Inc.)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers01: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-05-14] (Egis Incorporated.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers04: [EDSshellExt] -> {29FF7AB0-BE34-4992-A30B-53A9D86EE239} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSshellExt.dll [2008-05-14] (Egis Incorporated.)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-07-18] (NVIDIA Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2008-09-16] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {253E42C4-5CAA-42C5-B5F2-7C4C01222A0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {40C9B193-FF75-4448-ADDE-69397437094E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4191A5B2-ECA8-4179-92A4-30450DC6AA3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {42BBDAB2-DEEE-48C3-A5EE-3CD6C29065FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {7F712886-C716-427E-AF98-FDB4C7B6B281} - System32\Tasks\{F6E56D0C-B6CF-4F0C-AA67-D0C1B5C4909E} => C:\Program Files\Skype\Phone\Skype.exe [2009-10-09] (Skype Technologies S.A.)
Task: {97AC1689-23A2-435D-BAAF-E0C5641D7C4D} - System32\Tasks\Avast Emergency Update => C:\Program Files\Alwil Software\Avast5\AvEmUpdate.exe [2017-07-20] (AVAST Software)
Task: {E440AC8E-7067-4EC9-A201-EDD420A77282} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {E44DB6CC-4161-4627-9E03-D52AFA2A282B} - System32\Tasks\{1A5CF578-7C22-47B9-A94E-008280F2C782} => C:\Windows\system32\pcalua.exe -a C:\Users\Pavel_2\Downloads\TurboFLOORPLANCZ.exe -d C:\Users\Pavel_2\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-20 20:15 - 2017-07-20 20:15 - 00170224 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00192664 _____ () C:\Program Files\Alwil Software\Avast5\event_routing_rpc.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00224256 _____ () C:\Program Files\Alwil Software\Avast5\tasks_core.dll
2017-07-22 00:28 - 2017-07-22 00:28 - 05886720 _____ () C:\Program Files\Alwil Software\Avast5\defs\17072102\algo.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00689272 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 00231664 _____ () C:\Program Files\Alwil Software\Avast5\streamback.dll
2008-10-16 16:57 - 2008-10-16 16:57 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2015-01-19 22:22 - 2013-05-29 14:03 - 00024064 _____ () C:\Windows\System32\ssm4mlm.dll
2009-04-01 19:31 - 2008-01-16 18:35 - 00081504 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2016-11-13 12:38 - 2008-09-16 21:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2008-08-06 09:38 - 2008-06-02 09:25 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-04-01 18:57 - 2009-04-01 18:57 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-08-06 09:50 - 2008-05-30 12:22 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-04-01 18:57 - 2009-04-01 18:57 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2008-08-06 09:48 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2008-08-06 09:48 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2008-08-06 09:48 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2008-08-06 09:48 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2008-05-14 17:05 - 2008-05-14 17:05 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2009-04-01 18:51 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2008-08-06 10:22 - 2007-12-06 16:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-08-06 10:22 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2009-06-02 22:06 - 2008-10-20 22:18 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe
2017-07-20 20:15 - 2017-07-20 20:15 - 00134928 _____ () c:\Program Files\Alwil Software\Avast5\vaarclient.dll
2009-03-18 11:43 - 2009-03-18 11:43 - 00841000 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-03-18 11:43 - 2009-03-18 11:43 - 00013096 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2012-03-09 10:58 - 2012-03-09 10:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00056696 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2009-04-01 19:51 - 2007-09-11 11:12 - 00475136 _____ () C:\Program Files\Acer\Acer VCM\AcerControl.dll
2009-01-14 20:23 - 2009-01-14 20:23 - 00963072 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2017-07-20 20:15 - 2017-07-20 20:15 - 01059160 _____ () C:\Program Files\Alwil Software\Avast5\AvChrome.dll
2016-06-28 23:50 - 2016-06-28 23:50 - 48936448 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2017-07-20 20:14 - 2017-07-20 20:14 - 00292920 _____ () C:\Program Files\Alwil Software\Avast5\gaming_mode_ui.dll
2017-06-30 13:22 - 2017-06-30 13:22 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4F636E25 [256]
AlternateDataStreams: C:\ProgramData\Temp:793F316E [106]
AlternateDataStreams: C:\ProgramData\Temp:C95B63DA [118]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2017-07-19 01:01 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pavel_2\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{DCDD0EA7-483E-4497-9B75-D970EA181106}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{6A02BA5B-5B04-46EF-8028-CEFE3E35950F}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{F58C8BCA-16F2-4162-9B88-48F0B258FFDD}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{C2F73ED5-58E1-4D6F-94B8-F0587A0480E9}] => (Allow) C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{55DCA259-5657-4AB2-B4DC-A134F856F7B2}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe
FirewallRules: [{BE69A992-6AB4-4F72-B7AB-8876DA8EAD69}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C0231E89-65F9-4CEC-B8F9-D58A41673DFA}C:\klára\icq6.5\icq.exe] => (Block) C:\klára\icq6.5\icq.exe
FirewallRules: [UDP Query User{538CF1CF-D78E-4A55-9EC4-6D940D196D0C}C:\klára\icq6.5\icq.exe] => (Block) C:\klára\icq6.5\icq.exe
FirewallRules: [TCP Query User{4F0AEAAC-FD2E-4AD9-8782-A0936D685685}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{11095FA4-3098-45FB-A277-64E5650C0E77}C:\program files\google\google earth\client\googleearth.exe] => (Block) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{852BD9F4-6710-4EF2-9F39-04A0247E7EBC}] => (Allow) LPort=80
FirewallRules: [{FD19026F-C424-4DE2-AED5-F123378EEE98}] => (Allow) LPort=80
FirewallRules: [{31506E90-A3E1-4A1B-8F45-1EFBF844AEC0}] => (Allow) LPort=80
FirewallRules: [{D9273E75-F189-4B9E-9226-EE3E5F0FEB7C}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{E24D6E4A-5B91-47CC-A7E6-35155680B50E}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{5008D037-DD61-40E4-A237-C2E9A8496CF5}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{DF495A21-78E5-4FAC-8E3B-CB3B7418887A}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{DC1A9FB1-A817-4C58-BE25-9C82BD784C94}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{FD20FD93-9FE2-4A94-9169-C559F28B3BD1}] => (Allow) C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [TCP Query User{DC461426-3BE9-437C-94AB-22EE4FE13C9C}C:\program files\pinnacle\studio 15\programs\studio.exe] => (Block) C:\program files\pinnacle\studio 15\programs\studio.exe
FirewallRules: [UDP Query User{CD339017-57B8-4EAC-9101-9A7665E4CB3E}C:\program files\pinnacle\studio 15\programs\studio.exe] => (Block) C:\program files\pinnacle\studio 15\programs\studio.exe
FirewallRules: [{74815076-A76A-4F4C-841E-A104FD6012DD}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8A2A6363-0D67-40E0-BAC9-ACCAC61A66EB}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{25425570-07B5-40D4-92ED-4E7F7E2A61C2}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{AC2D9B8C-1E0F-429C-88D3-A57299169C9E}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{AA4D0104-97AB-4D51-9854-8BF10DD143D2}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D80B63E4-DA20-4F20-9E0A-96F47E3F2A3F}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{A7C0C2C3-F1F1-4BC2-9532-05B173DEFDCD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{0199EA94-38DE-4A15-8AC2-736867DADD93}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{5D3FA6E8-0C91-42F0-B929-C1936AE174F8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{04E808A4-4830-462C-BD09-7CAC3B0825BD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{3496AAC5-F391-4D28-B95F-8C571262BB3D}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{19069A1F-32C9-4AB0-803B-3F8B960C46EB}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2F905A21-B562-497F-A5AD-F99A1D9FBB27}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{AAB07B01-3522-428D-B84C-831FEA4F4761}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{754E5FF0-0180-4DBE-BB5B-3D60ED21EF4A}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{CCC85929-D78F-49F6-9B96-705D9BDCCBC3}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{22523383-6A34-46FC-BE47-3F1F4BB0C3BF}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{13552591-08C7-4670-AA88-A78A9DC9EE0A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9987B752-3299-4528-A9CA-84990AEE808E}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{BB38C142-694A-4C7B-8B4D-315BB0182118}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{830C24CF-D914-4B83-A055-3EA8FCD0C40F}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{D404F1BA-9185-45D5-9408-334DA69739E8}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{A6DE45F5-AE7E-4786-BA12-9AEF01064554}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe

==================== Restore Points =========================

20-07-2017 20:00:43 End of disinfection

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2017 10:04:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/22/2017 12:45:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/22/2017 12:30:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/22/2017 12:27:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/21/2017 07:02:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 10:23:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace SearchIndexer.exe, verze 7.0.6002.18005, časové razítko 0x49e02459, chybující modul unknown, verze 0.0.0.0, časové razítko 0x00000000, kód výjimky 0xc0000005, posun chyby 0x00000000,
ID procesu 0xdb4, čas spuštění aplikace 0x01d301930d79e0bb.

Error: (07/20/2017 10:18:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Chybující aplikace firefox.exe, verze 1.9.2.4182, časové razítko 0x4df8638f, chybující modul NPSWF32_26_0_0_137.dll_unloaded, verze 0.0.0.0, časové razítko 0x594d53e2, kód výjimky 0xc0000005, posun chyby 0x0afc85c9,
ID procesu 0x151c, čas spuštění aplikace 0x01d301952ee11b9b.

Error: (07/20/2017 10:02:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 08:21:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 08:00:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {09a89a6f-4872-4c3e-ade0-1698e4a096d5}


System errors:
=============
Error: (07/22/2017 10:06:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Mezipaměť písem Windows neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/22/2017 10:06:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Mezipaměť písem Windows bylo dosaženo časového limitu (30000 ms).

Error: (07/22/2017 12:44:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (0:42:56, 22.7.2017) bylo neočekávané.

Error: (07/22/2017 12:33:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft .NET Framework NGEN v4.0.30319_X86 bylo dosaženo časového limitu (30000 ms).

Error: (07/22/2017 12:29:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (0:27:37, 22.7.2017) bylo neočekávané.

Error: (07/21/2017 07:05:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft .NET Framework NGEN v4.0.30319_X86 bylo dosaženo časového limitu (30000 ms).

Error: (07/20/2017 10:23:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (07/20/2017 10:03:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Windows Media Player Network Sharing neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/20/2017 10:03:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Windows Media Player Network Sharing bylo dosaženo časového limitu (30000 ms).

Error: (07/20/2017 08:30:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače NB-DELL,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{53ADFF44-7CED-4415-973C-870525686B.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.


CodeIntegrity:
===================================
Date: 2017-07-22 10:09:12.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:09:11.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:09:10.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:09:09.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:09:08.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:09:07.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:09:06.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:09:05.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:08:06.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-07-22 10:08:06.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 68%
Total physical RAM: 3066.12 MB
Available physical RAM: 976.59 MB
Total Virtual: 6332.53 MB
Available Virtual: 4282.35 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.04 GB) (Free:66.39 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:140.5 GB) (Free:97.15 GB) NTFS
Drive e: () (Removable) (Total:7.6 GB) (Free:7.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8CF27C7C)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=140.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.5 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7.6 GB) (Disk ID: A15B14E1)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0B)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 37140
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 22 Jul 2017 11:58

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.


Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> DefaultScope {5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> {5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} URL = hxxps://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF Extension: (No Name) - C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\Extensions\dealio@mybrowserbar.com [2017-07-19] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-03-22] [not signed]
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll [No File]
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2689332252-1931905943-1140053980-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pavel_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
C:\ProgramData\nvModes.001
C:\Program Files\McAfee
C:\ProgramData\McAfee
C:\ProgramData\nvModes.dat
C:\Users\Pavel_2\AppData\Roaming\wklnhst.dat
C:\ProgramData\ezsidmv.dat
C:\ProgramData\__FileUploader.log
C:\Users\Pavel\instmsia.exe
C:\Users\Pavel\instmsiw.exe
C:\Users\Pavel\setup.exe
Task: {253E42C4-5CAA-42C5-B5F2-7C4C01222A0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4191A5B2-ECA8-4179-92A4-30450DC6AA3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
AlternateDataStreams: C:\ProgramData\Temp:4F636E25 [256]
AlternateDataStreams: C:\ProgramData\Temp:793F316E [106]
AlternateDataStreams: C:\ProgramData\Temp:C95B63DA [118]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [128]
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male

Re: Log check

Post by Jaros » 22 Jul 2017 12:34

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by Pavel_2 (22-07-2017 12:19:59) Run:1
Running from C:\Users\Pavel_2\Desktop
Loaded Profiles: Pavel_2 (Available Profiles: Pavel & Pavel_2)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> DefaultScope {5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2689332252-1931905943-1140053980-1001 -> {5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} URL = hxxps://www.google.com/search?q={searchTerms}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF Extension: (No Name) - C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\Extensions\dealio@mybrowserbar.com [2017-07-19] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010-03-22] [not signed]
FF Plugin: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll [No File]
FF Plugin: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2689332252-1931905943-1140053980-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pavel_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak] - hxxps://clients2.google.com/service/update2/crx
C:\ProgramData\nvModes.001
C:\Program Files\McAfee
C:\ProgramData\McAfee
C:\ProgramData\nvModes.dat
C:\Users\Pavel_2\AppData\Roaming\wklnhst.dat
C:\ProgramData\ezsidmv.dat
C:\ProgramData\__FileUploader.log
C:\Users\Pavel\instmsia.exe
C:\Users\Pavel\instmsiw.exe
C:\Users\Pavel\setup.exe
Task: {253E42C4-5CAA-42C5-B5F2-7C4C01222A0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4191A5B2-ECA8-4179-92A4-30450DC6AA3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
AlternateDataStreams: C:\ProgramData\Temp:4F636E25 [256]
AlternateDataStreams: C:\ProgramData\Temp:793F316E [106]
AlternateDataStreams: C:\ProgramData\Temp:C95B63DA [118]
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 [128]
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key removed successfully.
HKLM\Software\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} => key removed successfully.
HKLM\Software\Classes\CLSID\{5D1ACDCD-4141-46AA-9485-3CB6B737B5A7} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKLM\Software\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} => key removed successfully.
HKLM\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key removed successfully.
HKLM\Software\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => key removed successfully.
HKLM\Software\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7} => key not found.
C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\Extensions\dealio@mybrowserbar.com => moved successfully
C:\Users\Pavel_2\AppData\Roaming\Mozilla\Firefox\Profiles\n8xkgxkm.default\Extensions\dealio@mybrowserbar.com => path removed successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} => moved successfully
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} => path removed successfully.
HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027 => key removed successfully.
HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040 => key removed successfully.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully.
C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll => moved successfully
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully.
"C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll" => not found.
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => key removed successfully.
C:\Users\Pavel_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully.
HKU\S-1-5-21-2689332252-1931905943-1140053980-1001\SOFTWARE\Google\Chrome\Extensions\olfeabkoenfaoljndfecamgilllcpiak => key removed successfully.
C:\ProgramData\nvModes.001 => moved successfully
C:\Program Files\McAfee => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\nvModes.dat => moved successfully
C:\Users\Pavel_2\AppData\Roaming\wklnhst.dat => moved successfully
C:\ProgramData\ezsidmv.dat => moved successfully
C:\ProgramData\__FileUploader.log => moved successfully
C:\Users\Pavel\instmsia.exe => moved successfully
C:\Users\Pavel\instmsiw.exe => moved successfully
C:\Users\Pavel\setup.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{253E42C4-5CAA-42C5-B5F2-7C4C01222A0C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{253E42C4-5CAA-42C5-B5F2-7C4C01222A0C} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4191A5B2-ECA8-4179-92A4-30450DC6AA3A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4191A5B2-ECA8-4179-92A4-30450DC6AA3A} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully.
C:\ProgramData\Temp => ":4F636E25" ADS removed successfully..
C:\ProgramData\Temp => ":793F316E" ADS removed successfully..
C:\ProgramData\Temp => ":C95B63DA" ADS removed successfully..
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully..
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16085990 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 37606 B
Edge => 0 B
Chrome => 0 B
Firefox => 28666572 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1055 B
LocalService => 33125 B
NetworkService => 33125 B
Pavel => 5257466 B
Pavel_2 => 11400120 B

RecycleBin => 0 B
EmptyTemp: => 58.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:21:30 ====
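A helper on a log-check forum reads a Fixlog like the one above line by line, checking that every fixlist entry was actually acted on and noting the targets FRST reported as "not found" for re-checking in the next scan. The following parser is an added example written for this thread; it is not part of FRST or of the forum's own tooling. It assumes only the line shape visible in the log above (`target => outcome`), and the sample lines it runs on are constructed here, modelled on that format.

```python
import re
from collections import Counter

# Constructed sample in the shape of the FRST Fixlog shown above (not the full log).
SAMPLE_FIXLOG = r"""Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKLM\Software\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
C:\ProgramData\nvModes.001 => moved successfully
"C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll" => not found.
C:\ProgramData\Temp => ":4F636E25" ADS removed successfully..
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
EmptyTemp: => 58.7 MB temporary data Removed.
The system needed a reboot.
"""

# One result line: everything before the first " => " is the target, the rest is
# the outcome; trailing periods (FRST sometimes writes two) are dropped.
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.*$')
REGISTRY_RE = re.compile(r'^"?HK[A-Z]{1,2}\\')      # HKLM\..., HKU\S-1-5-...
FILE_RE = re.compile(r'^"?[A-Za-z]:\\')             # C:\..., optionally quoted


def classify(outcome):
    """Map FRST's free-text outcome to a coarse status."""
    o = outcome.lower()
    if 'not found' in o:
        return 'not_found'
    if 'removed' in o or 'moved successfully' in o or 'restored successfully' in o:
        return 'success'
    return 'other'


def parse_fixlog(text):
    """Return one dict per 'target => outcome' line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue
        target, outcome = m.group('target'), m.group('outcome')
        if target.startswith('EmptyTemp'):
            kind = 'cleanup'
        elif REGISTRY_RE.match(target):
            kind = 'registry'
        elif FILE_RE.match(target):
            kind = 'file'
        else:
            kind = 'other'
        entries.append({
            'target': target.strip('"'),
            'kind': kind,
            'outcome': outcome,
            'status': classify(outcome),
        })
    return entries


def summarize(entries):
    """Count entries per (kind, status), e.g. ('registry', 'success')."""
    return Counter((e['kind'], e['status']) for e in entries)


def needs_followup(entries):
    """Targets the fix could not act on; a helper re-checks these in the next FRST scan."""
    return [e['target'] for e in entries if e['status'] == 'not_found']


def reboot_required(text):
    """FRST prints this sentence when the fix deferred work to the next boot."""
    return 'needed a reboot' in text


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, status), n in sorted(summarize(parsed).items()):
        print(f'{kind:9} {status:10} {n}')
    print('follow up:', needs_followup(parsed))
    print('reboot required:', reboot_required(SAMPLE_FIXLOG))
```

Running it on the constructed sample reports two registry and two file successes, one "not found" of each kind, one cleanup line, and lists the two "not found" targets for the next scan. A "not found" is not necessarily a problem (FRST removed the CLSID's parent key first, and a plugin DLL may already have been moved by an earlier entry), which is why the helper lists them rather than treating them as failures.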

jaro3
Security team member
Guru Level 15
Posts: 37140
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 22 Jul 2017 18:21

What about the problems?

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male

Re: Log check

Post by Jaros » 22 Jul 2017 22:53

It seems to be in order.

