Prosím o kontrolu logu Vyřešeno

[vanaondrej10]

záložky vyřešeny-> omyl

[Reklama]

[vanaondrej10]

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Ondra on st 11.10.2017 at 19:09:23,20.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Ondra\Desktop\Vyčištění PC\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.10.2017 19:10:27 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\HPQLOG deleted successfully
C:\PROGRA~2\ReviverSoft deleted successfully
C:\PROGRA~2\Symantec deleted successfully
C:\Users\Ondra\AppData\Roaming\HMYGSetting deleted successfully
C:\Users\Ondra\AppData\Roaming\Loc deleted successfully
C:\Users\Ondra\AppData\Local\iRinger deleted successfully
C:\Users\Ondra\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-337637791-2363233718-2110463198-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C9367ED7-DCA2-46AC-95BA-07AF68C17B5D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9367ED7-DCA2-46AC-95BA-07AF68C17B5D} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-337637791-2363233718-2110463198-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsDrvInst deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsDrvInst deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WsDrvInst deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsDrvInst deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files\VstPlugins deleted
C:\Users\Ondra\AppData\Roaming\Free Download Manager deleted
C:\Users\Ondra\AppData\Roaming\HandBrake deleted
C:\Users\Ondra\.android deleted
C:\Users\Ondra\AppData\Roaming\Wondershare deleted
C:\PROGRA~2\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18} deleted
C:\PROGRA~2\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Ondra\AppData\Local\Wondershare deleted
C:\Windows\system32\config\systemprofile\AppData\Local\AVAST Software deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
"C:\Program Files\Wondershare\WAF\2.4.3.229\Newtonsoft.Json.dll" deleted
"C:\Program Files\Wondershare\WAF\2.4.3.229\WsAppCollect.dll" deleted
"C:\Program Files\Wondershare\WAF\2.4.3.229\WsAppCommon.dll" not deleted
"C:\Program Files\Wondershare\WAF\2.4.3.229\WsAppService.exe" not deleted
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\kv_pam.db" not deleted
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\kv_pamcore.db" not deleted
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\kv_pampub.db" not deleted
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\pam.db" not deleted
"C:\Program Files\Wondershare" not deleted
"C:\Users\Ondra\AppData\Local\AVAST Software" not deleted
"C:\Program Files\Wondershare\WAF" not deleted
"C:\Program Files\Wondershare\WAF\2.4.3.229" not deleted
"C:\Users\Ondra\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"otis@digitalpersona.com"="c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt" [07.11.2015 01:53]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"fdm_ffext@freedownloadmanager.org"="C:\Program Files\Free Download Manager\Firefox\Extension" [23.06.2017 15:27]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
clgckgfbhciacomhlchmgdnplmdiadbj - No path found[]

User-Agent Switcher for Chrome - Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
Superblock Extended - Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmljjoddjjkoidiahlgbgjjgodcajhgf
Chrome Media Router - Ondra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MfeEpePcMonitor deleted successfully

==== Empty IE Cache ======================

C:\Users\Ondra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Ondra\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=89 folders=39 84217059 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ondra\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ondra\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\Wondershare\WAF\2.4.3.229\WsAppCommon.dll" not found
"C:\Program Files\Wondershare\WAF\2.4.3.229\WsAppService.exe" not found
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\kv_pam.db" not found
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\kv_pamcore.db" not found
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\kv_pampub.db" not found
"C:\Users\Ondra\AppData\Local\AVAST Software\APM\Ondra\pam.db" not found
"C:\Program Files\Wondershare" not found
"C:\Users\Ondra\AppData\Local\AVAST Software" not found

==== EOF on st 11.10.2017 at 19:23:58,52 ======================

[vanaondrej10]

ComboFix 17-10-04.01 - Ondra 11.10.2017 19:42:20.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2985.1909 [GMT 2:00]
Spuštěný z: c:\users\Ondra\Desktop\VyŔiÜtýnÝ PC\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-11 do 2017-10-11 )))))))))))))))))))))))))))))))
.
.
2017-10-11 17:49 . 2017-10-11 17:50 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2017-10-11 17:49 . 2017-10-11 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-11 17:39 . 2017-10-11 17:39 -------- d-----w- c:\programdata\SWCUTemp
2017-10-11 17:23 . 2017-10-11 17:23 -------- d-----w- c:\programdata\HPQLOG
2017-10-11 17:20 . 2017-10-11 17:09 24064 ----a-w- c:\windows\zoek-delete.exe
2017-10-11 17:08 . 2017-10-11 17:19 -------- d-----w- C:\zoek_backup
2017-10-11 11:08 . 2017-10-11 11:08 11285920 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5A6FE3F-C742-417D-9BA8-CEABA93EC78A}\mpengine.dll
2017-10-11 11:05 . 2017-10-11 11:05 -------- d-----w- c:\program files\AVAST Software
2017-10-11 11:05 . 2017-10-11 12:07 -------- d-----w- c:\programdata\AVAST Software
2017-10-11 09:36 . 2017-10-11 16:39 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-11 08:01 . 2017-10-11 08:02 -------- d-----w- c:\programdata\RogueKiller
2017-10-10 16:02 . 2017-10-10 16:02 -------- d-----w- c:\programdata\Sophos
2017-10-10 16:02 . 2017-10-10 16:02 -------- d-----w- c:\program files\Sophos
2017-10-10 14:29 . 2017-10-10 14:35 -------- d-----w- c:\program files\YoutubersLife.v1.0.4
2017-10-10 11:42 . 2017-10-11 17:23 221112 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-10-10 11:41 . 2017-10-04 11:15 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-10-10 11:41 . 2017-10-10 11:41 -------- d-----w- c:\programdata\Malwarebytes
2017-10-09 13:44 . 2017-10-09 13:44 -------- d-----w- c:\program files\Barvy
2017-10-07 13:58 . 2017-10-07 13:58 -------- d-----w- C:\HP_TOOLS_mountHPSF
2017-09-17 09:20 . 2017-09-17 09:20 -------- d-----w- c:\program files\Malwarebytes
2017-09-12 16:14 . 2017-09-12 16:14 -------- d-----w- c:\programdata\ProductFeatures
2017-09-12 16:06 . 2017-09-12 16:06 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2017-09-12 16:06 . 2017-09-12 16:06 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2017-09-12 16:04 . 2017-09-12 16:05 -------- d-----w- c:\programdata\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-28 15:14 . 2017-03-05 13:01 3343040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-08-15 15:10 . 2017-08-29 10:05 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-08-11 06:19 . 2017-09-13 12:31 254464 ----a-w- c:\windows\system32\schannel.dll
2017-08-11 06:19 . 2017-09-13 12:31 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-07-29 14:50 . 2017-08-09 10:45 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-09 10:45 282624 ----a-w- c:\windows\system32\mstext40.dll
2017-07-21 14:26 . 2017-08-09 10:45 518144 ----a-w- c:\windows\system32\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 10:45 290816 ----a-w- c:\windows\system32\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 10:45 409600 ----a-w- c:\windows\system32\msexch40.dll
2017-07-14 15:10 . 2017-08-09 10:45 382976 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:10 . 2017-08-09 10:45 1549824 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:10 . 2017-08-09 10:45 1363968 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:10 . 2017-08-09 10:45 1400320 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:10 . 2017-08-09 10:45 666624 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:10 . 2017-08-09 10:45 337408 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:10 . 2017-08-09 10:45 197120 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:10 . 2017-08-09 10:45 104448 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:10 . 2017-08-09 10:45 59392 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:10 . 2017-08-09 10:45 34816 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:00 . 2017-08-09 10:45 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-09 10:45 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-09 10:45 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-09 10:45 9728 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 14:50 . 2017-08-09 10:45 54272 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 10:45 28672 ----a-w- c:\windows\system32\werdiagcontroller.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\
MEGA (Pending)]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2017-06-07 20:07 569856 ----a-w- c:\users\Ondra\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\
MEGA (Synced)]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2017-06-07 20:07 569856 ----a-w- c:\users\Ondra\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\
MEGA (Syncing)]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2017-06-07 20:07 569856 ----a-w- c:\users\Ondra\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-09-28 15:20 2179272 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-09-28 15:20 2179272 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-09-28 15:20 2179272 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-10-11 11:09 1395224 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2017-07-14 67384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 187672]
"HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-09 12310616]
"HPSYSDRV"="c:\program files\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2017-07-14 267064]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-10-11 253344]
.
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\Ondra\AppData\Local\MEGAsync\MEGAsync.exe [2017-6-21 5415936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 22:19 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
backup=c:\windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk]
path=c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
backup=c:\windows\pss\MEGAsync.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Poslat do aplikace OneNote.lnk]
path=c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk
backup=c:\windows\pss\Poslat do aplikace OneNote.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2017-07-14 09:19 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2017-02-15 10:25 1193728 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2017-08-16 07:03 15866480 ----a-w- c:\users\Ondra\AppData\Roaming\Spotify\Spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2017-08-16 07:03 1580144 ----a-w- c:\users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2017-08-04 10:03 2150336 ----a-w- c:\users\Ondra\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-10-11 149824]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R2 WsAppService;Wondershare Application Framework Service;c:\program files\Wondershare\WAF\2.4.3.229\WsAppService.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2017-10-11 5828816]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-10-11 42856]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2012-01-31 51512]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2012-01-31 477056]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-08-13 104960]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys [2016-11-28 164512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidshx.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswblogx.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbunivx.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-10-11 255624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-10-11 777952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-10-11 499560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-10-11 124952]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-09-08 4939976]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-03-09 372824]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-08-07 4430792]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-03-21 1327104]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2017-02-15 1719552]
S2 tmInstall;Thrustmaster® Device Driver Installer;c:\program files\Thrustmaster\FFB Racing wheel\drivers\x86\tmInstall.EXE [2016-11-28 106144]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2012-10-18 1570304]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2017-10-11 221112]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-04-11 46080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-19 381032]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-09-27 15:02 1450840 ----a-w- c:\program files\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-06 23:59]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
Trusted Zone: sharepoint.com\zsostasovcz-files
Trusted Zone: sharepoint.com\zsostasovcz-myfiles
TCP: DhcpNameServer = 10.0.0.138 192.168.0.15
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-WSHelperSetup.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-Run-WSHelperSetup.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM_ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
AddRemove-HP Remote Solution - c:\programdata\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
AddRemove-rFactor - c:\users\Ondra\Desktop\Rfactor SP mod\rFactor\Uninstall.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}\HP_Remote_Solution_Install.exe
AddRemove-{ec50c375-be9a-4642-9b8c-86dcc42e39c3} - c:\programdata\Package Cache\{ec50c375-be9a-4642-9b8c-86dcc42e39c3}\LauncherPrereqSetup_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\DPFPApi.DLL
.
Celkový čas: 2017-10-11 19:50:52
ComboFix-quarantined-files.txt 2017-10-11 17:50
.
Před spuštěním: Volných bajtů: 222 601 142 272
Po spuštění: Volných bajtů: 222 258 753 536
.
- - End Of File - - 16E528B75AF8272FDC92EA314DC685BF
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
Folder::
c:\program files\Skype\Updater

Driver::
SkypeUpdate

DDS::
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.


[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"=

máš schválně vypnuty aktualizace?

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[vanaondrej10]

Aktualizace automaticky mam vyplé naschvál.
Logy dnes doplnim.
Je dulezite, programy ukladat na plochu?
Mam slozku na plose “Vyčištění PC” a tam ukladam vsechny logy a programy z tveho navodu. Tak kdyztak si to vse prezahnu na plochu, ale chtel sem to mit serazene.

[vanaondrej10]

ComboFix 17-10-04.01 - Ondra 12.10.2017 13:21:00.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2985.1601 [GMT 2:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-09-12 do 2017-10-12 )))))))))))))))))))))))))))))))
.
.
2017-10-12 11:28 . 2017-10-12 11:33 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2017-10-12 11:28 . 2017-10-12 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-12 11:18 . 2017-10-12 11:18 -------- d-----w- c:\programdata\SWCUTemp
2017-10-11 17:23 . 2017-10-11 17:23 -------- d-----w- c:\programdata\HPQLOG
2017-10-11 17:20 . 2017-10-11 17:09 24064 ----a-w- c:\windows\zoek-delete.exe
2017-10-11 17:08 . 2017-10-11 17:19 -------- d-----w- C:\zoek_backup
2017-10-11 11:10 . 2017-10-11 11:10 -------- d-----w- c:\users\Ondra\AppData\Roaming\AVAST Software
2017-10-11 11:08 . 2017-10-11 11:08 11285920 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5A6FE3F-C742-417D-9BA8-CEABA93EC78A}\mpengine.dll
2017-10-11 11:05 . 2017-10-11 11:05 -------- d-----w- c:\program files\AVAST Software
2017-10-11 11:05 . 2017-10-11 12:07 -------- d-----w- c:\programdata\AVAST Software
2017-10-11 09:36 . 2017-10-11 16:39 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-11 08:01 . 2017-10-11 08:02 -------- d-----w- c:\programdata\RogueKiller
2017-10-10 16:02 . 2017-10-10 16:02 -------- d-----w- c:\programdata\Sophos
2017-10-10 16:02 . 2017-10-10 16:02 -------- d-----w- c:\program files\Sophos
2017-10-10 14:29 . 2017-10-10 14:35 -------- d-----w- c:\program files\YoutubersLife.v1.0.4
2017-10-10 11:42 . 2017-10-12 11:32 221112 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-10-10 11:41 . 2017-10-04 11:15 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-10-10 11:41 . 2017-10-10 11:41 -------- d-----w- c:\programdata\Malwarebytes
2017-10-09 13:44 . 2017-10-09 13:44 -------- d-----w- c:\program files\Barvy
2017-10-07 13:58 . 2017-10-07 13:58 -------- d-----w- C:\HP_TOOLS_mountHPSF
2017-09-17 09:20 . 2017-09-17 09:20 -------- d-----w- c:\program files\Malwarebytes
2017-09-12 16:14 . 2017-09-12 16:14 -------- d-----w- c:\programdata\ProductFeatures
2017-09-12 16:06 . 2017-09-12 16:06 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2017-09-12 16:06 . 2017-09-12 16:06 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2017-09-12 16:04 . 2017-09-12 16:05 -------- d-----w- c:\programdata\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-28 15:14 . 2017-03-05 13:01 3343040 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-09-13 15:09 . 2017-10-11 16:27 254464 ----a-w- c:\windows\system32\schannel.dll
2017-09-13 15:09 . 2017-10-11 16:27 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-08-15 15:10 . 2017-08-29 10:05 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-07-29 14:50 . 2017-08-09 10:45 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-09 10:45 282624 ----a-w- c:\windows\system32\mstext40.dll
2017-07-21 14:26 . 2017-08-09 10:45 518144 ----a-w- c:\windows\system32\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-09 10:45 290816 ----a-w- c:\windows\system32\msjtes40.dll
2017-07-21 14:26 . 2017-08-09 10:45 409600 ----a-w- c:\windows\system32\msexch40.dll
2017-07-14 15:10 . 2017-08-09 10:45 382976 ----a-w- c:\windows\system32\wer.dll
2017-07-14 14:50 . 2017-08-09 10:45 54272 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-09 10:45 28672 ----a-w- c:\windows\system32\werdiagcontroller.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\
MEGA (Pending)]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2017-06-07 20:07 569856 ----a-w- c:\users\Ondra\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\
MEGA (Synced)]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2017-06-07 20:07 569856 ----a-w- c:\users\Ondra\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\
MEGA (Syncing)]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2017-06-07 20:07 569856 ----a-w- c:\users\Ondra\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-03-05 13:21 1602248 ----a-w- c:\users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-09-28 15:20 2179272 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-09-28 15:20 2179272 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-09-28 15:20 2179272 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-10-11 11:09 1395224 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2017-07-14 67384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-03 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-03 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-03 187672]
"HP KEYBOARDx"="c:\program files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-09 12310616]
"HPSYSDRV"="c:\program files\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2017-07-14 267064]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-10-11 253344]
.
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\Ondra\AppData\Local\MEGAsync\MEGAsync.exe [2017-6-21 5415936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 22:19 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
backup=c:\windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk]
path=c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
backup=c:\windows\pss\MEGAsync.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ondra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Poslat do aplikace OneNote.lnk]
path=c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk
backup=c:\windows\pss\Poslat do aplikace OneNote.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2017-07-14 09:19 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2017-02-15 10:25 1193728 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2017-08-16 07:03 15866480 ----a-w- c:\users\Ondra\AppData\Roaming\Spotify\Spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2017-08-16 07:03 1580144 ----a-w- c:\users\Ondra\AppData\Roaming\Spotify\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2017-08-04 10:03 2150336 ----a-w- c:\users\Ondra\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 WsAppService;Wondershare Application Framework Service;c:\program files\Wondershare\WAF\2.4.3.229\WsAppService.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-10-11 42856]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2012-01-31 51512]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2012-01-31 477056]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-09-07 104960]
R3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\DRIVERS\tmhidusb.sys [2016-11-28 164512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidshx.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswblogx.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbunivx.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-10-11 255624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-10-11 777952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-10-11 499560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-10-11 124952]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-10-11 149824]
S2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2017-09-08 4939976]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-03-09 372824]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-08-07 4430792]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-03-21 1327104]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2017-02-15 1719552]
S2 tmInstall;Thrustmaster® Device Driver Installer;c:\program files\Thrustmaster\FFB Racing wheel\drivers\x86\tmInstall.EXE [2016-11-28 106144]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2017-10-11 5828816]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2012-10-18 1570304]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys [2017-10-12 221112]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-04-11 46080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-19 381032]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-09-27 15:02 1450840 ----a-w- c:\program files\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-06 23:59]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
Trusted Zone: sharepoint.com\zsostasovcz-files
Trusted Zone: sharepoint.com\zsostasovcz-myfiles
TCP: DhcpNameServer = 10.0.0.138 192.168.0.15
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\DPFPApi.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[vanaondrej10]

Při tomhle procesu se tam objevilo pár chyb s nějakou restorací C:windows/system32/SOWTWARE a ještě pár jich tam bylo. Nějak sem to odklikal a doufám, že jsem neprovedl nic špatně. Protože, když jsem to dělal podle tvého návodu poprvé a podruhé, nespustilo se pak to modré okno, až po restartu pc sem omylem nechal zaplej antivir a pak mi napsalo, že mám zaplej avast a ja ho vypl a dal ok a pak už se spustilo to okno a i log se vytvořil. Tak doufám, že jsem tam něco nepo...

[vanaondrej10]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:45:59, on 12.10.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Ondra\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Ondra\Desktop\Vyčištění PC\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [HPSYSDRV] C:\Program Files\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - Startup: MEGAsync.lnk = Ondra\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\system32\flcdlock.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Thrustmaster® Device Driver Installer (tmInstall) - Thrustmaster® - C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\x86\tmInstall.EXE
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files\Wondershare\WAF\2.4.3.229\WsAppService.exe (file missing)

--
End of file - 9017 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)

aswMBR je kde?

Co problémy?

[vanaondrej10]

aswMBR na to jsem úplně zapomněl. Omlouvám se a doplním.
Problémy zatím žádné nemám.

[vanaondrej10]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-10-12 20:04:49
-----------------------------
20:04:49.229 OS Version: Windows 6.1.7601 Service Pack 1
20:04:49.229 Number of processors: 4 586 0x2A07
20:04:49.229 ComputerName: ONDRA-10 UserName: Ondra
20:05:33.395 Initialize success
20:05:33.426 VM: initialized successfully
20:05:33.426 VM: Intel CPU BiosDisabled
20:05:41.772 AVAST engine defs: 17101200
20:05:54.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:05:54.299 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3GH Size: 476940MB BusType: 11
20:05:54.408 Disk 0 MBR read successfully
20:05:54.408 Disk 0 MBR scan
20:05:54.423 Disk 0 Windows 7 default MBR code
20:05:54.423 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:05:54.439 Disk 0 Boot: NTFS code=1
20:05:54.455 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 470464 MB offset 206848
20:05:54.501 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 6273 MB offset 963717120
20:05:54.548 Disk 0 Partition 4 00 27 Hidden NTFS WinRE MSDOS5.0 101 MB offset 976564224
20:05:54.611 Disk 0 scanning sectors +976771072
20:05:54.782 Disk 0 scanning C:\Windows\system32\drivers
20:06:08.151 Service scanning
20:06:35.561 Modules scanning
20:06:35.561 Disk 0 trace - called modules:
20:06:35.607 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
20:06:35.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8626d970]
20:06:35.623 3 CLASSPNP.SYS[8afb059e] -> nt!IofCallDriver -> [0x85cd3878]
20:06:35.623 5 ACPI.sys[8ae133d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d23908]
20:06:37.916 AVAST engine scan C:\Windows
20:06:41.645 AVAST engine scan C:\Windows\system32
20:08:48.021 AVAST engine scan C:\Windows\system32\drivers
20:09:05.883 AVAST engine scan C:\Users\Ondra
20:21:47.040 AVAST engine scan C:\ProgramData
20:24:23.778 Disk 0 statistics 3471876/0/0 @ 1,85 MB/s
20:24:23.794 Scan finished successfully
20:26:08.509 Disk 0 MBR has been saved successfully to "C:\Users\Ondra\Desktop\Vyčištění PC\MBR.dat"
20:26:08.513 The log file has been saved successfully to "C:\Users\Ondra\Desktop\Vyčištění PC\aswMBR.txt"

[vanaondrej10]

Fixnul jsem to v HJT, ty dvě položky.
Jinak, ve chromu už se nic neděje, nedirectuje mě to nikam a vše je v naprostém normálu. Ani po chybách co chodil combofix, zatím s PC nic není.