[HJT] Request for help (Solved)


Scientific
Level 3
Posts: 499
Registered: July 13
Gender: Male

[HJT] Request for help

Post by Scientific » 27 Jul 2018 10:33

Hi guys,

I'm asking for help. Lately the notebook has been using more resources and is as slow as a snail.

Skillbrains Lightshot, Keepass and Roche Accu-chek look untrustworthy, but they are legitimate applications that I have been using many times a day for the last few years.

Thanks a lot for your time.

Here is the log.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:30:56, on 27.07.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\ownCloud\owncloud.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\WinSCP\WinSCP.exe
C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_1.2.0.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_1.2.0.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_1.2.0.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXITREADER.EXE
C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_1.2.0.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\micro\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell17win10.msn.com/?pc=DCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell17win10.msn.com/?pc=DCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [ownCloud] C:\Program Files (x86)\ownCloud\owncloud.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Global Startup: ACCU-CHEK 360 Connection Manager.lnk = C:\Program Files (x86)\Roche Diagnostics\ACCU-CHEK 360 Connection Manager\AcmServerApplication.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Poslat do On&eNotu - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Poslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Poslat do On&eNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\system32\DRIVERS\AdminService.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\IntelCpHDCPSvc.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Data Vault Service API (DDVCollectorSvcApi) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
O23 - Service: Dell Data Vault Collector (DDVDataCollector) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
O23 - Service: Dell Data Vault Processor (DDVRulesProcessor) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
O23 - Service: Dell Hardware Support - PC-Doctor, Inc. - C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem13.inf,%ServiceDisplayName%;Intel(R) Dynamic Platform and Thermal Framework service (esifsvc) - Unknown owner - C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: @oem18.inf,%iaStorAfsWindowsService.Name%;Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Intel Corporation - C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Rivet Dynamic Bandwidth Management (RNDBWM) - CloudBees, Inc. - C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: ##ID_STRING86## (SmartByte Network Service x64) - Rivet Networks - C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Dell SupportAssist (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: Služba Xperia Companion (XperiaCompanionService) - Sony - C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe

--
End of file - 12621 bytes
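The HijackThis log above has a fixed line grammar (a section code such as O4 or O23, then a body). The following Python parser is an added example, not code from this thread or from HijackThis: it buckets the posted log's running processes, autorun (O4) and service (O23) entries for review, using a subset of the lines above plus one clearly labelled constructed O4 line as input.

```python
import re

# Lines copied from the HijackThis 2.0.5 log posted in this thread (a subset).
POSTED_LINES = r"""Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:30:56, on 27.07.2018
Platform: Unknown Windows (WinNT 6.02.1008)

Running processes:
C:\Program Files (x86)\ownCloud\owncloud.exe
C:\Users\micro\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell17win10.msn.com/?pc=DCTE
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - Global Startup: ACCU-CHEK 360 Connection Manager.lnk = C:\Program Files (x86)\Roche Diagnostics\ACCU-CHEK 360 Connection Manager\AcmServerApplication.exe
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\system32\DRIVERS\AdminService.exe (file missing)
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
"""

# Constructed line, NOT in the posted log: an autorun from a user-writable
# folder, so the location check below has something to report.
CONSTRUCTED_O4 = r"O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\micro\AppData\Local\Temp\updater.exe"
SAMPLE_LOG = POSTED_LINES + CONSTRUCTED_O4 + "\n"

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry Run entries:  <hive\..\Run>: [<name>] <command>
RUN_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]*)\] ?(?P<command>.*)$")
# O4 startup-folder entries: Global Startup: <name>.lnk = <command>
STARTUP_RE = re.compile(r"^(?P<location>.+?): (?P<name>.+?) = (?P<command>.*)$")
# O23 entries: Service: <display> - <owner> - <path>[ (file missing)]
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Locations an unprivileged user can write to; autoruns there deserve a look.
USER_WRITABLE = re.compile(r"\\(Users|AppData|Temp|ProgramData)\\", re.IGNORECASE)


def parse_hjt(text):
    """Split an HJT log into the running-process list and its coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group("code"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Bucket the entries a helper looks at first: autoruns (O4) and services (O23)."""
    processes, entries = parse_hjt(text)
    report = {"processes": processes, "autoruns": [], "services_present": [],
              "services_missing": [], "other": []}
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body) or STARTUP_RE.match(body)
            report["autoruns"].append(m.groupdict()) if m else report["other"].append((code, body))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                report["other"].append((code, body))
                continue
            svc = {k: m.group(k) for k in ("display", "owner", "path")}
            # HJT 2.0.5 prints "Unknown owner" and "(file missing)" for many
            # built-in Windows 10 services whose display name is a resource
            # string (@dll,-id); they go in their own bucket so a human checks
            # the path instead of treating the tool's flag as a finding.
            bucket = "services_missing" if m.group("missing") else "services_present"
            report[bucket].append(svc)
        else:
            report["other"].append((code, body))
    return report


def user_writable_autoruns(report):
    """Names of autoruns whose command lives in a user-writable location."""
    return [a["name"] for a in report["autoruns"] if USER_WRITABLE.search(a["command"])]


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(len(r["autoruns"]), "autoruns;", len(r["services_missing"]), "services marked missing")
    print("autoruns from user-writable paths:", user_writable_autoruns(r))
```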

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male

Re: [HJT] Request for help

Post by jaro3 » 27 Jul 2018 20:45

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. It shouldn't take long.
Afterwards the PC should restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop. Click "I agree" to accept the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log will appear and open. (Otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt.) Paste its entire contents here.

Download Malwarebytes' Anti-Malware to the desktop, install it and run it
- If the program isn't up to date, click "Update now" or "Fix now".
- an update will be found and installed.
- then click Start scan
- after the scan finishes a message appears at the bottom right; click Show report, choose Export, choose Copy to clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log can be found in the program under "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the X at the top right.
(don't delete anything yet!)
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Scientific

Re: [HJT] Request for help

Post by Scientific » 28 Jul 2018 15:19

ATF cleaner
doesn't really seem to work; the "Firefox" tab can't be clicked. :-D
Otherwise OK.

ADW MB
I didn't understand why there are two links in the instructions; I used the first one.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build: 06-26-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-28-2018
# Duration: 00:02:49
# OS: Windows 10 Home
# Scanned: 41451
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy Block Site

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


MB
MB is all nonsense; Kingo Root is definitely a safe application, and so is the other one. So I don't get it, but they are rubbish, I don't mind deleting them.

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 28.07.18
Čas skenování: 15:03
Logovací soubor: ad11b530-9266-11e8-bb10-8cec4b1f788b.json
Správce: Ano

-Informace o softwaru-
Verze: 3.5.1.2522
Verze komponentů: 1.0.391
Aktualizovat verzi balíku komponent: 1.0.6101
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 17134.165)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-QECKKTD\micro

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 298416
Zjištěné hrozby: 2
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 10 min, 47 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 2
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\KINGO ROOT\CHECKUPDATE.EXE, Žádná uživatelská akce, [398], [527344],1.0.6101
PUP.Optional.DriverAgent, C:\USERS\MICRO\DOWNLOADS\DRIVERAGENT-SETUP.EXE, Žádná uživatelská akce, [3493], [345593],1.0.6101

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

jaro3

Re: [HJT] Request for help

Post by jaro3 » 28 Jul 2018 19:05

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will make the repairs; after the automatic restart click "Log file" and then double-click the corresponding log (C:\AdwCleaner [C?].txt) and paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The scan will start. Scanning may take a long time, depending on the number of infections. When the scan finishes a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.


- run Malwarebytes' Anti-Malware again and click Scan now
- after the program finishes a message appears; click "Quarantine all (delete selected)" and "Export log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Sophos Virus Removal Tool is a handy software tool that may remove infections your antivirus program does not detect.
Download it here from one of the links:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can also install the Sophos Virus Removal tool, which identifies and cleans up remaining infections your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.
If viruses were found, after the scan click "Details…" and then "View log file". Copy the whole log and paste it here. Then close "threat detail" and click "Start cleanup".
Otherwise the log is located here:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8 and 10 run RogueKiller.exe as administrator; on XP by double-clicking.
- click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan click "Open Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.
- if the log has more than 60,000 characters, split it and paste it into several posts

other links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/

Scientific

Re: [HJT] Request for help

Post by Scientific » 30 Jul 2018 01:05

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-28-2018
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted Block Site

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1321 octets] - [28/07/2018 14:51:54]
AdwCleaner[S01].txt - [1382 octets] - [28/07/2018 22:22:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by micro (Administrator) on 28.07.2018 at 23:35:24,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-923911699-2202984712-226111194-1001 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-923911699-2202984712-226111194-1001.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{88CB6021-D218-4000-A524-7231A4810993} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.07.2018 at 23:39:10,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 28.07.18
Čas skenování: 23:41
Logovací soubor: f992fa0c-92ae-11e8-b04c-8cec4b1f788b.json
Správce: Ano

-Informace o softwaru-
Verze: 3.5.1.2522
Verze komponentů: 1.0.391
Aktualizovat verzi balíku komponent: 1.0.6109
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 17134.165)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-QECKKTD\micro

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 298383
Zjištěné hrozby: 2
Hrozby umístěné do karantény: 2
Uplynulý čas: 4 min, 16 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 2
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\KINGO ROOT\CHECKUPDATE.EXE, V karanténě, [398], [527344],1.0.6109
PUP.Optional.DriverAgent, C:\USERS\MICRO\DOWNLOADS\DRIVERAGENT-SETUP.EXE, V karanténě, [3491], [345593],1.0.6109

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


Sophos Virus Removal Tool version 2.6.1 - it took about 18 hours :-D
2018-07-28 21:48:30.758 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2018-07-28 21:48:30.759 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2018-07-28 21:48:30.759 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2018-07-28 21:48:30.759 Checking for updates...
2018-07-28 21:48:31.000 Update progress: proxy server not available
2018-07-28 21:48:44.666 Downloading updates...
2018-07-28 21:48:44.669 Update progress: [I96736] sdds.svrt_v1.3: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2018-07-28 21:48:44.669 Update progress: [I95020] sdds.svrt_v1.3: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-07-28 21:48:44.669 Update progress: [I22529] sdds.svrt_v1.3: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-07-28 21:48:44.669 Update progress: [I49502] sdds.savi_v552_v3721.2.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2018-07-28 21:48:44.669 Update progress: [I95020] sdds.savi_v552_v3721.2.xml: looking for packages included from product SAVIW32 LATEST path=
2018-07-28 21:48:44.669 Update progress: [I22529] sdds.savi_v552_v3721.2.xml: looking for supplements included from product SAVIW32 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I49502] sdds.data0910.xml: found supplement IDE553 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2018-07-28 21:48:44.670 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE553 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE553 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I49502] sdds.data0910.xml: found supplement IDE554 LATEST path= baseVersion= [included from product IDE553 LATEST path=]
2018-07-28 21:48:44.670 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE554 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE554 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I49502] sdds.data0910.xml: found supplement IDE555 LATEST path= baseVersion= [included from product IDE554 LATEST path=]
2018-07-28 21:48:44.670 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE555 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE555 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I49502] sdds.data0910.xml: found supplement IDE556 LATEST path= baseVersion= [included from product IDE555 LATEST path=]
2018-07-28 21:48:44.670 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE556 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE556 LATEST path=
2018-07-28 21:48:44.670 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2018-07-28 21:48:44.904 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2018-07-28 21:48:44.904 Update progress: [I19463] Product download size 196138026 bytes
2018-07-28 21:49:20.907 Update progress: [I19463] Syncing product IDE553 LATEST path=
2018-07-28 21:49:20.907 Update progress: [I19463] Product download size 2250332 bytes
2018-07-28 21:49:29.782 Option all = no
2018-07-28 21:49:29.782 Option recurse = yes
2018-07-28 21:49:29.782 Option archive = no
2018-07-28 21:49:29.782 Option service = yes
2018-07-28 21:49:29.782 Option confirm = yes
2018-07-28 21:49:29.782 Option sxl = yes
2018-07-28 21:49:29.783 Option max-data-age = 35
2018-07-28 21:49:29.783 Option vdl-logging = yes
2018-07-28 21:49:29.787 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-07-28 21:49:29.788 Machine ID: 5ed4d279e1664f8b98bb021aab1a3130
2018-07-28 21:49:29.824 Component SVRTcli.exe version 2.6.1
2018-07-28 21:49:29.824 Component control.dll version 2.6.1
2018-07-28 21:49:29.824 Component SVRTservice.exe version 2.6.1
2018-07-28 21:49:29.824 Component engine\osdp.dll version 1.44.1.2286
2018-07-28 21:49:29.825 Component engine\veex.dll version 3.68.6.2286
2018-07-28 21:49:29.825 Component engine\savi.dll version 9.0.7.2286
2018-07-28 21:49:29.825 Component rkdisk.dll version 1.5.31.1
2018-07-28 21:49:29.826 Version info: Product version 2.6.1
2018-07-28 21:49:29.828 Version info: Detection engine 3.68.6
2018-07-28 21:49:29.828 Version info: Detection data 5.46
2018-07-28 21:49:29.828 Version info: Build date 28.11.2017
2018-07-28 21:49:29.828 Version info: Data files added 746
2018-07-28 21:49:29.828 Version info: Last successful update (not yet updated)
2018-07-28 21:49:32.392 Update progress: [I19463] Syncing product IDE554 LATEST path=
2018-07-28 21:49:32.392 Update progress: [I19463] Product download size 2856102 bytes
2018-07-28 21:49:41.074 Update progress: [I19463] Syncing product IDE555 LATEST path=
2018-07-28 21:49:41.074 Update progress: [I19463] Product download size 1155447 bytes
2018-07-28 21:49:43.841 Update progress: [I19463] Syncing product IDE556 LATEST path=
2018-07-28 21:49:43.888 Installing updates...
2018-07-28 21:49:44.957 Error level 1
2018-07-28 21:49:57.518 Update successful
2018-07-28 21:50:13.359 Option all = no
2018-07-28 21:50:13.359 Option recurse = yes
2018-07-28 21:50:13.359 Option archive = no
2018-07-28 21:50:13.359 Option service = yes
2018-07-28 21:50:13.359 Option confirm = yes
2018-07-28 21:50:13.359 Option sxl = yes
2018-07-28 21:50:13.367 Option max-data-age = 35
2018-07-28 21:50:13.367 Option vdl-logging = yes
2018-07-28 21:50:13.375 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2018-07-28 21:50:13.375 Machine ID: 5ed4d279e1664f8b98bb021aab1a3130
2018-07-28 21:50:13.376 Component SVRTcli.exe version 2.6.1
2018-07-28 21:50:13.376 Component control.dll version 2.6.1
2018-07-28 21:50:13.376 Component SVRTservice.exe version 2.6.1
2018-07-28 21:50:13.376 Component engine\osdp.dll version 1.44.1.2411
2018-07-28 21:50:13.376 Component engine\veex.dll version 3.72.1.2411
2018-07-28 21:50:13.377 Component engine\savi.dll version 9.0.10.2411
2018-07-28 21:50:13.377 Component rkdisk.dll version 1.5.31.1
2018-07-28 21:50:13.377 Version info: Product version 2.6.1
2018-07-28 21:50:13.378 Version info: Detection engine 3.72.1
2018-07-28 21:50:13.378 Version info: Detection data 5.52
2018-07-28 21:50:13.378 Version info: Build date 19.06.2018
2018-07-28 21:50:13.378 Version info: Data files added 275
2018-07-28 21:50:13.378 Version info: Last successful update 28.07.2018 23:49:57

2018-07-28 23:09:42.840 Could not open C:\hiberfil.sys
2018-07-28 23:15:19.636 >>> Virus 'PHP/Backdr-KW' found in file C:\Old\Steel\Desktop\web\administrator\components\com_chronoforms5\chronoforms\assets\utf8-81e (2017_12_08 19_33_11 UTC).php
2018-07-28 23:22:37.000 >>> Virus 'PHP/Backdr-KW' found in file C:\Old\Steel\NOTEBOOK-ASUS\Data\C\Users\Steel\Desktop\web\administrator\components\com_chronoforms5\chronoforms\assets\utf8-81e (2017_12_08 19_33_11 UTC).php
2018-07-28 23:23:58.668 Could not open C:\pagefile.sys
2018-07-29 09:42:37.955 Could not open C:\swapfile.sys
2018-07-29 09:42:38.793 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-07-29 09:42:38.793 Could not open C:\System Volume Information\{7846527d-92a4-11e8-b80c-2c6fc908e2fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-07-29 09:42:38.803 Could not open C:\System Volume Information\{9f4476c4-8864-11e8-b809-2c6fc908e2fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
2018-07-29 11:01:38.005 >>> Virus 'Troj/Decept-MD' found in file C:\Users\micro\Downloads\FoxitReader901_enu_Setup_Prom.exe
2018-07-29 11:26:50.289 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2018-07-29 11:26:50.322 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2018-07-29 11:27:04.849 Could not open C:\Windows\System32\config\BBI
2018-07-29 11:27:06.989 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2018-07-29 11:27:06.994 Could not open C:\Windows\System32\config\RegBack\SAM
2018-07-29 11:27:06.994 Could not open C:\Windows\System32\config\RegBack\SECURITY
2018-07-29 11:27:06.994 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2018-07-29 11:27:06.999 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2018-07-29 19:14:10.999 The following items will be cleaned up:
2018-07-29 19:14:11.059 PHP/Backdr-KW
2018-07-29 19:14:11.059 Troj/Decept-MD

RogueKiller V12.12.28.0 (x64) [Jul 23 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows 10 (10.0.17134) 64 bits version
Started : Normal mode
User : micro [Administrator rights]
Started from : C:\Users\micro\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 07/29/2018 23:14:37 (Duration : 01:42:34)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\csastats -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\PogoDGC -> Found
[PUP.Gen1] (X64) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\ProductSetup -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\csastats -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\PogoDGC -> Found
[PUP.Gen1] (X86) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\ProductSetup -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : wbank.cz:3128 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : wbank.cz:3128 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {553DD545-FA03-44A4-9A10-245F65EF9903} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Steel\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {547FE0E9-546C-4EFC-86CD-CCD00A8383C1} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Steel\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F0B08E1A-FE8E-4CD1-AD18-DCCDBEB2085D}C:\users\steel\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\steel\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{19B541E3-D24B-4B70-8201-1F6777371F8D}C:\users\steel\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\steel\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {840A60F0-3BCB-48B4-B482-BE5E1D250668} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Steel\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5901CFEF-F70B-4F13-B7F0-26409E333E2F} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Steel\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DB53063C-8AAB-4B85-AB35-EBDB060A8027} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Steel\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupIn| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF1FEDB1-9870-4F62-BE85-D66253FA9A1F} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Steel\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupOut| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7CE0E5E6-FD36-4461-A605-3AA119EAC7A4} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Steel\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveIn| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_CA99\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B7003FD6-68B2-4A31-B46F-2EA7A255747B} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Steel\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveOut| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ HOSTS file : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][Firefox:Config] q5grcb9k.default-1516882595571 : user_pref("network.proxy.http", "178.238.41.78"); -> Found
[PUM.Proxy][Firefox:Config] q5grcb9k.default-1516882595571 : user_pref("network.proxy.http_port", 3128); -> Found

¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a2379618c0c766a95ab32ed9870a0a89
[BSP] 761103e6b65bd392d43550f15f071292 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1288192 | Size: 940645 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1927729152 | Size: 496 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1928744960 | Size: 10936 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1951143936 | Size: 1151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 47280f344a05142c1109cb2e10c8b818
[BSP] 700a4acbaec5cd7b56e13b37e66a18da : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

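The two logs in this post, triaged by script. This is an added example, not code from the forum, from Sophos or from Adlice; the regexes are assumptions fitted only to the line shapes visible above, and SAMPLE_LOG is constructed by copying a handful of those lines. It pulls out the Sophos detections and every proxy setting RogueKiller reported, and flags a proxy as external when its host is neither loopback, private nor localhost. That property is what makes the wbank.cz:3128 and 178.238.41.78:3128 entries worth attention: a plain HTTP proxy outside the machine sees, and can rewrite, every non-TLS request the browser sends through it.

```python
"""Triage the Sophos Virus Removal Tool log and the RogueKiller report
posted above: list the malware detections and any proxy that would
route the browser through a third party.

Added example for this thread; not part of Sophos, Adlice or the forum's
tooling.  The regexes are assumptions derived only from the log lines
visible in the thread.  SAMPLE_LOG is constructed by copying those lines."""
import ipaddress
import re

SAMPLE_LOG = r"""
2018-07-28 23:15:19.636 >>> Virus 'PHP/Backdr-KW' found in file C:\Old\Steel\Desktop\web\administrator\components\com_chronoforms5\chronoforms\assets\utf8-81e (2017_12_08 19_33_11 UTC).php
2018-07-29 11:01:38.005 >>> Virus 'Troj/Decept-MD' found in file C:\Users\micro\Downloads\FoxitReader901_enu_Setup_Prom.exe
2018-07-29 11:27:06.994 Could not open C:\Windows\System32\config\RegBack\SAM
[PUM.Proxy] (X64) HKEY_USERS\RK_Steel_ON_E_BEEF\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : wbank.cz:3128 -> Found
[PUM.Proxy][Firefox:Config] q5grcb9k.default-1516882595571 : user_pref("network.proxy.http", "178.238.41.78"); -> Found
[PUM.Proxy][Firefox:Config] q5grcb9k.default-1516882595571 : user_pref("network.proxy.http_port", 3128); -> Found
"""

# Sophos SVRT: ">>> Virus 'NAME' found in file PATH"
SOPHOS_HIT = re.compile(r">>> Virus '(?P<name>[^']+)' found in file (?P<path>.+)$")
# RogueKiller, WinINET registry proxy: "... | ProxyServer : host:port -> ..."
REG_PROXY = re.compile(r"\[PUM\.Proxy\].*\| ProxyServer : (?P<host>[^:\s]+):(?P<port>\d+)")
# RogueKiller, Firefox prefs.js: user_pref("network.proxy.<key>", <value>);
FF_PROXY = re.compile(
    r'\[PUM\.Proxy\]\[Firefox:Config\] (?P<profile>\S+) : '
    r'user_pref\("network\.proxy\.(?P<key>\w+)", "?(?P<val>[^")]+)"?\);')


def sophos_detections(lines):
    """(threat name, path) for every Sophos detection line, in log order."""
    return [(m["name"], m["path"]) for m in map(SOPHOS_HIT.search, lines) if m]


def is_local_proxy(host):
    """True for loopback, private or link-local addresses and 'localhost'.
    Hostnames count as external because nothing is resolved offline
    (assumption of this example)."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def proxy_findings(lines):
    """Proxies from WinINET registry lines and Firefox prefs lines.
    Firefox splits host and port over two user_pref entries, so they are
    merged per profile before being reported."""
    found, firefox = [], {}
    for line in lines:
        m = REG_PROXY.search(line)
        if m:
            found.append({"source": "wininet", "host": m["host"], "port": int(m["port"])})
            continue
        m = FF_PROXY.search(line)
        if m:
            firefox.setdefault(m["profile"], {})[m["key"]] = m["val"]
    for profile, prefs in firefox.items():
        for scheme in ("http", "ssl", "socks"):
            if scheme in prefs:
                found.append({"source": f"firefox:{profile}:{scheme}",
                              "host": prefs[scheme],
                              "port": int(prefs.get(scheme + "_port", 0))})
    for f in found:
        f["external"] = not is_local_proxy(f["host"])
    return found


def triage(log_text):
    lines = log_text.splitlines()
    return {"detections": sophos_detections(lines), "proxies": proxy_findings(lines)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, path in report["detections"]:
        print(f"DETECTION {name}: {path}")
    for p in report["proxies"]:
        flag = "EXTERNAL" if p["external"] else "local"
        print(f"PROXY {p['source']} -> {p['host']}:{p['port']} [{flag}]")
```

Run it on a saved copy of the two logs instead of SAMPLE_LOG to get the same listing for the full report; anything marked EXTERNAL is a proxy the machine's owner should be able to account for.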
Orcus (Security team member)

Re: [HJT] Request for help

Post by Orcus » 30 Jul 2018 10:35

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click to run it).
- Wait until the Prescan finishes...
- Wait until the status box shows "Scan"
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything.
- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller

====================================================

Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8 right-click it and choose "Run as administrator")
- note that the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script
The program performs a scan and a repair; both may take several minutes, so wait until it finishes. Do not click inside the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for a while; that is normal. Wait until the log has been created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.

further links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/

====================================================

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click that file on the desktop and follow the instructions to install the program.
Accept the EULA licence if it is offered.
If a program update is available, click the "Update now" button.
At the end click the Settings button (the gear in the corner) > Advanced > ""
- "I have read the warning and want to continue anyway ....."
Tick Auto Launch
Untick Auto upload
Tick All Browser Extensions
Smart scan setting instead of a deep scan
Close all open files, folders and browsers
Click the Scan now button and the threat scan starts.
When the scan is complete, a report appears; copy the whole contents of that report here.

Post a new HJT log + report on any problems
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If it is too long, split it into several posts.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Scientific

Re: [HJT] Request for help

Post by Scientific » 06 Aug 2018 12:16

Hi, sorry for the delay, I was away. But before we continue, I would like to ask whether it is possible that one of those programs changed some registry entries or something, I don't know. I cannot save anything to the desktop from any program, not even recursively. See screenshot: http://prntscr.com/kf8biz

Orcus (Security team member)

Re: [HJT] Request for help

Post by Orcus » 06 Aug 2018 14:22

It could have, and that is why we are trying to clean it up. Have you tried saving in safe mode?

Scientific

Re: [HJT] Request for help

Post by Scientific » 07 Aug 2018 11:47

RogueKiller
I deleted everything except the proxy server settings

RogueKiller V12.12.30.0 (x64) [Aug 6 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows 10 (10.0.17134) 64 bits version
Started : Normal mode
User : micro [Administrator rights]
Started from : C:\Users\micro\Desktop\RogueKiller_portable64.exe
Mode : Delete -- Date : 08/07/2018 00:47:14 (Duration : 07:32:40)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Steel_ON_E_288F\Software\csastats -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Steel_ON_E_288F\Software\PogoDGC -> Deleted
[PUP.Gen1] (X64) HKEY_USERS\RK_Steel_ON_E_288F\Software\ProductSetup -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Steel_ON_E_288F\Software\csastats -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Steel_ON_E_288F\Software\PogoDGC -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\RK_Steel_ON_E_288F\Software\ProductSetup -> Deleted
[PUM.Proxy] (X64) HKEY_USERS\RK_Steel_ON_E_288F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : wbank.cz:3128 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\RK_Steel_ON_E_288F\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : wbank.cz:3128 -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell17win10.msn.com/?pc=DCTE -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Replaced (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell17win10.msn.com/?pc=DCTE -> Replaced (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {553DD545-FA03-44A4-9A10-245F65EF9903} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Steel\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {547FE0E9-546C-4EFC-86CD-CCD00A8383C1} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Steel\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F0B08E1A-FE8E-4CD1-AD18-DCCDBEB2085D}C:\users\steel\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\steel\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{19B541E3-D24B-4B70-8201-1F6777371F8D}C:\users\steel\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\steel\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {840A60F0-3BCB-48B4-B482-BE5E1D250668} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Steel\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5901CFEF-F70B-4F13-B7F0-26409E333E2F} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Steel\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DB53063C-8AAB-4B85-AB35-EBDB060A8027} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Steel\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF1FEDB1-9870-4F62-BE85-D66253FA9A1F} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Steel\AppData\Local\Temp\andy-x64\Setup.exe|Name=AndySetupOut| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7CE0E5E6-FD36-4461-A605-3AA119EAC7A4} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Steel\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveIn| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_90D6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B7003FD6-68B2-4A31-B46F-2EA7A255747B} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Steel\AppData\Local\Temp\RemoveTemp.exe|Name=AndyRemoveOut| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ HOSTS file : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][Firefox:Config] q5grcb9k.default-1516882595571 : user_pref("network.proxy.http", "178.238.41.78"); -> Not selected
[PUM.Proxy][Firefox:Config] q5grcb9k.default-1516882595571 : user_pref("network.proxy.http_port", 3128); -> Not selected

¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] a2379618c0c766a95ab32ed9870a0a89
[BSP] 761103e6b65bd392d43550f15f071292 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1026048 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1288192 | Size: 940645 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1927729152 | Size: 496 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1928744960 | Size: 10936 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1951143936 | Size: 1151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000LM035-1RK172 +++++
--- User ---
[MBR] 47280f344a05142c1109cb2e10c8b818
[BSP] 700a4acbaec5cd7b56e13b37e66a18da : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

ZOEK
It deleted some safe applications for me, for example Lightshot by Skillbrains, the world's most widely used screenshot app: https://app.prntscr.com/cs/

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by micro on 07.08.2018 at 8:50:50,67.
Microsoft Windows 10 Home 10.0.17134 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\micro\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

07.08.2018 9:01:25 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Adobe deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\micro\AppData\Local\DBG deleted successfully
C:\Users\micro\AppData\Local\GHISLER deleted successfully
C:\Users\micro\AppData\Local\gtk-3.0 deleted successfully
C:\Users\micro\AppData\Local\Notepad++ deleted successfully
C:\Users\micro\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\micro\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\qpxvgsrv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\qpxvgsrv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\micro\AppData\Roaming\Thunderbird\Profiles\yv9up6gr.default\prefs.js:

Added to C:\Users\micro\AppData\Roaming\Thunderbird\Profiles\yv9up6gr.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs__0925_.backup

ProfilePath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\qpxvgsrv.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs__0925_.backup

ProfilePath: C:\Users\micro\AppData\Roaming\Thunderbird\Profiles\yv9up6gr.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__0925_.backup

==== Deleting Files \ Folders ======================

C:\Users\micro\.android deleted
C:\PROGRA~2\Skillbrains deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\micro\AppData\Local\updater.log deleted
C:\Users\micro\AppData\Local\pcc.exe deleted
C:\Users\micro\AppData\Local\cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted

==== Orphaned Tasks deleted from Registry ======================

DellUpdate deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\qpxvgsrv.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\micro\AppData\Roaming\Thunderbird\Profiles\yv9up6gr.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571
- Český slovník pro kontrolu pravopisu (Czech spell-check dictionary) - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Firefox Multi-Account Containers - %ProfilePath%\extensions\@testpilot-containers.xpi
- BuiltWith - %ProfilePath%\extensions\gary@builtwith.com.xpi
- __MSG_name__ - %ProfilePath%\extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi
- short_ __MSG_extensionDescription__ - %ProfilePath%\extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi
- __MSG_name__ - %ProfilePath%\extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi
- Page Hacker - %ProfilePath%\extensions\pagehacker-nico@nc.xpi
- Self Destroying Cookies - %ProfilePath%\extensions\selfdestructingcookies@dirtylittlehelpers.com.xpi
- __MSG_manifest_app_name__ - %ProfilePath%\extensions\switchyomega@feliscatus.addons.mozilla.org.xpi
- TinEye Reverse Image Search - %ProfilePath%\extensions\tineye@ideeinc.com.xpi
- Popup-Blocker - %ProfilePath%\extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Disable JavaScript - %ProfilePath%\extensions\{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi
- short_ ijtoaoff - %ProfilePath%\extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi
- Empty Cache Button - %ProfilePath%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi
- Javascript Control - %ProfilePath%\extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi
- Popup Blocker Ultimate - %ProfilePath%\extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Web of Trust (author MyWOT, version 20180622.0; Zoek dumped the extension's manifest here in place of its localized name: manifest_version 2, permissions tabs, contextMenus, webNavigation, webRequest, webRequestBlocking, storage and all http/https pages, gecko id a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7, strict_min_version 48.0) - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Quick JS Switcher - %ProfilePath%\extensions\{d7e0a6e7-9a50-490a-be5c-3b448be39b42}.xpi
- short_ itsuspender - %ProfilePath%\extensions\{e225ac78-5e83-484b-a16b-b6ed0924212f}.xpi

ProfilePath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\qpxvgsrv.default
- Firefox Multi-Account Containers - %ProfilePath%\extensions\@testpilot-containers.xpi
- __MSG_name__ - %ProfilePath%\extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi
- __MSG_name__ - %ProfilePath%\extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi
- Page Hacker - %ProfilePath%\extensions\pagehacker-nico@nc.xpi
- Popup-Blocker - %ProfilePath%\extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Popup Blocker Ultimate - %ProfilePath%\extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Block site - %ProfilePath%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
- short_ itsuspender - %ProfilePath%\extensions\{e225ac78-5e83-484b-a16b-b6ed0924212f}.xpi

ProfilePath: C:\Users\micro\AppData\Roaming\Thunderbird\Profiles\yv9up6gr.default
- Český slovník pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Send Later - %ProfilePath%\extensions\sendlater3@kamens.us.xpi
- GetSend-Button - %ProfilePath%\extensions\{6e071e83-d8d6-8ca9-6129-eb8e8144596f}.xpi
- Provider for Google Calendar - %ProfilePath%\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571
- C:\PROGRA1\MICROS1\Office16\NPSPWRAP.DLL - [?]
- C:\Program Files x86\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - [?]

Profilepath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\qpxvgsrv.default
- C:\Program Files x86\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - [?]
- c:\PROGRA1\mcafee\msc\npMcSnFFPl64.dll - [?]


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{88CB6021-D218-4000-A524-7231A4810993}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88CB6021-D218-4000-A524-7231A4810993}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{88CB6021-D218-4000-A524-7231A4810993}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{88CB6021-D218-4000-A524-7231A4810993} - http://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{88CB6021-D218-4000-A524-7231A4810993}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{88CB6021-D218-4000-A524-7231A4810993} - http://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\micro\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\micro\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\micro\AppData\Local\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\cache2 emptied successfully

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=259 folders=63 158226385 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\micro\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\micro\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 07.08.2018 at 9:41:37,09 ======================

ZEMANA
Another program that tries to remove things it shouldn't and wrongly labels software as potentially dangerous.
The output log file never showed up anywhere, I could not find it, so I only copied the findings.


{60B7679C-BED9-11E5-998D-8526BB8E7F8B}
Status : Skenováno
Object : %appdata%\mozilla\firefox\profiles\q5grcb9k.default-1516882595571\extensions\{60b7679c-bed9-11e5-998d-8526bb8e7f8b}.xpi
MD5 : AF9CE4B460C2247623EA46A80427DE88
Publisher : -
Size : 53870
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - {60B7679C-BED9-11E5-998D-8526BB8E7F8B}
Soubor - %appdata%\mozilla\firefox\profiles\q5grcb9k.default-1516882595571\extensions\{60b7679c-bed9-11e5-998d-8526bb8e7f8b}.xpi

selfdestructingcookies@dirtylittlehelpers.com
Status : Skenováno
Object : %appdata%\mozilla\firefox\profiles\q5grcb9k.default-1516882595571\extensions\selfdestructingcookies@dirtylittlehelpers.com.xpi
MD5 : 95586DA2EA5E3C8BC9E30C5E9BA19DEF
Publisher : -
Size : 336095
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - selfdestructingcookies@dirtylittlehelpers.com
Soubor - %appdata%\mozilla\firefox\profiles\q5grcb9k.default-1516882595571\extensions\selfdestructingcookies@dirtylittlehelpers.com.xpi

WMIMalware
Status : Skenováno
Object : DellCommandPowerManagerAlertEventConsumer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Trojan:Win32/WMIGhost
Cleaning Action : Opravit
Related Objects :
Bezsouborová infekce - WMIMalware : WMI::Root\Subscription\DellCommandPowerManagerAlertEventConsumer.mof

HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:27:09, on 07.08.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\WINDOWS\SysWOW64\notepad.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\micro\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKCU\..\Run: [ownCloud] C:\Program Files (x86)\ownCloud\owncloud.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Global Startup: ACCU-CHEK 360 Connection Manager.lnk = C:\Program Files (x86)\Roche Diagnostics\ACCU-CHEK 360 Connection Manager\AcmServerApplication.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Poslat do On&eNotu - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Poslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Poslat do On&eNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\system32\DRIVERS\AdminService.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\IntelCpHDCPSvc.exe
O23 - Service: Dell Command | Power Manager Notify (dcpm-notify) - Dell Inc. - C:\Program Files\Dell\CommandPowerManager\NotifyService.exe
O23 - Service: Dell Data Vault Service API (DDVCollectorSvcApi) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
O23 - Service: Dell Data Vault Collector (DDVDataCollector) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
O23 - Service: Dell Data Vault Processor (DDVRulesProcessor) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
O23 - Service: Dell Hardware Support - PC-Doctor, Inc. - C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem13.inf,%ServiceDisplayName%;Intel(R) Dynamic Platform and Thermal Framework service (esifsvc) - Unknown owner - C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: @oem18.inf,%iaStorAfsWindowsService.Name%;Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Intel Corporation - C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Rivet Dynamic Bandwidth Management (RNDBWM) - CloudBees, Inc. - C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: ##ID_STRING86## (SmartByte Network Service x64) - Rivet Networks - C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Dell SupportAssist (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: Služba Xperia Companion (XperiaCompanionService) - Sony - C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 12100 bytes

Problems
The notebook is no longer as slow.
But other problems appeared along the way; I will skip the uninstallation of safe software I use on the notebook and of safe browser extensions, and the deletion of various configurations all over the place, whether in browsers or in the registry.
What is a real problem is that sometimes I cannot save anything to the desktop (randomly: sometimes it works, sometimes it doesn't); sometimes a restart helps, sometimes it doesn't. For example, a moment ago "Save as" would not work for the output log file and now it works, and I have not changed anything anywhere:
1. The screenshot program could not save a screenshot into a file on the desktop.
2. Photoshop could not save a PDF to the desktop.
3. Notepad++ could not save the output log from Zoek.exe to the desktop.

Screenshots:
http://prntscr.com/kf8biz
http://imgbank.cz/image/9HUA
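As an added, read-only triage example (not from the thread, Zemana or Dell): this PowerShell lists the permanent WMI event subscriptions in root\subscription, which is what the "WMIMalware" finding above refers to, so a flagged consumer such as DellCommandPowerManagerAlertEventConsumer can be read (what triggers it, what it runs) before deciding whether the detection is a false positive. It assumes Windows PowerShell 5.1 in an elevated session and changes nothing.

```powershell
# Added read-only triage example (not from the thread or from Zemana).
# Lists permanent WMI event subscriptions in root\subscription, the mechanism
# behind the "WMIMalware" / "Bezsouborová infekce" entry in the Zemana findings,
# so a flagged consumer such as DellCommandPowerManagerAlertEventConsumer can be
# inspected before deciding whether the detection is a false positive.
# Assumes Windows PowerShell 5.1 in an elevated session. Nothing is modified.

$ns = 'root\subscription'

$filters   = Get-WmiObject -Namespace $ns -Class __EventFilter
$consumers = Get-WmiObject -Namespace $ns -Class __EventConsumer      # returns all consumer subclasses
$bindings  = Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding

# Consumer classes that execute code when their filter fires; the remaining
# classes (NTEventLogEventConsumer, SMTPEventConsumer, LogFileEventConsumer)
# only log or notify.
$codeConsumers = 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'

$bindings | ForEach-Object {
    # Filter and Consumer hold WMI object paths such as
    #   __EventFilter.Name="SomeFilter"
    # The quoted part is the instance name used to look the objects up.
    $filterName   = ($_.Filter   -split '"')[1]
    $consumerName = ($_.Consumer -split '"')[1]
    $f = $filters   | Where-Object { $_.Name -eq $filterName }
    $c = $consumers | Where-Object { $_.Name -eq $consumerName }

    # What would actually run: command line for CommandLineEventConsumer,
    # inline script or script file for ActiveScriptEventConsumer, else nothing.
    $payload = if ($c.CommandLineTemplate) { $c.CommandLineTemplate }
               elseif ($c.ScriptText)     { $c.ScriptText }
               elseif ($c.ScriptFileName) { $c.ScriptFileName }
               else                       { '(no code payload)' }

    [pscustomobject]@{
        Consumer     = $consumerName
        ConsumerType = $c.__CLASS
        RunsCode     = [bool]($c.__CLASS -in $codeConsumers)
        Payload      = $payload
        Filter       = $filterName
        TriggerQuery = $f.Query
    }
} | Format-List
```

Entries with RunsCode set to True deserve the closest look; compare their Payload and TriggerQuery against what the vendor of the consumer documents.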

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: [HJT] Request for help

Post by jaro3 » 07 Aug 2018 19:32

Close the other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code: Select all

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')


Download Memtest:

In the field that says:
All unused RAM, change the value to 2048.
- click Start and let it run for at least 2 hours; if after 2 hours it still shows 0 errors, the RAM is fine.
For larger RAM capacities Memtest has to be started several times: for 2 GB (the single largest RAM module) 2x, for 4 GB 3x, for 8 GB 4x, etc.
Double-click Memtest, then again and again; type 2048 into the fields of all the Memtest instances, then click "Start" in all of them.

Also check the HDD for errors, or try defragmenting it.

Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the contents of the log here with Ctrl+V.

Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system, 32-bit/64-bit
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan finishes, two logs appear, FRST.txt and Addition.txt, and are saved on the desktop. Please copy their full contents here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Scientific
Level 3
Posts: 499
Registered: July 13
Gender: Male
Status:
Offline

Re: [HJT] Request for help

Post by Scientific » 09 Aug 2018 10:30

HJT
Done

Memtest
For 8 GB, run 4x in the same way; 0 errors found

CrystalDiskInfo
The program from http://www.stahuj.cz/utility_a_ostatni/systemove_nastroje/sprava_disku/crystaldiskinfo/ did not work for me on Win10; it said the program cannot be run on my system. I had to download it from the official source: https://crystalmark.info/en/software/crystaldiskinfo/

Are you sure this stupid program works? Last year I bought one of the best Seagate disks that could be purchased on Alza. On purpose, right after connecting it, I tried this program and of course it reported nonsense, essentially the same things that made users have me buy a new disk, allegedly because the old one was done for.
----------------------------------------------------------------------------
CrystalDiskInfo 7.6.1 (C) 2008-2018 hiyohiyo
Crystal Dew World : https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 10 [10.0 Build 17134] (x64)
Date : 2018/08/09 9:41:48

-- Controller Map ----------------------------------------------------------

-- Disk List ---------------------------------------------------------------
(1) ST1000LM035-1RK172 : 1000,2 GB [0/0/0, pd1] - st
(2) ST1000LM035-1RK172 : 1000,2 GB [1/0/1, pd1] - st

----------------------------------------------------------------------------
(1) ST1000LM035-1RK172
----------------------------------------------------------------------------
Model : ST1000LM035-1RK172
Firmware : SDM2
Serial Number : ZDE6W3H0
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 2086 hod.
Power On Count : 646 krát
Temperature : 41 C (105 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _72 _59 __6 000000FFCD8A Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 _98 _98 _20 00000000083A Počet spuštění/zastavení
05 _99 _99 _36 0000000001A0 Počet přemapovaných sektorů
07 _69 _60 _45 001F0D82868B Počet chybných hledání
09 _98 _98 __0 2EF300000826 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 000000000286 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB _99 _99 __0 000000000001 Ohlášeno neopravitelných chyb
BC 100 _99 __0 000000000003 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _59 _49 _40 000029190029 Teplota toku vzduchu
BF 100 100 __0 000000000084 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000000A Počet vypnutí disku
C1 _99 _99 __0 000000000D6A Počet cyklů načítání/vymazání
C2 _41 _51 __0 000D00000029 Teplota
C5 100 100 __0 000000000010 Počet podezřelých sektorů
C6 100 100 __0 000000000010 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 CB6400000821 Čas nastavování hlaviček - v hodinách
F1 100 253 __0 0003A9334934 Total Host Writes
F2 100 253 __0 0002D3863D38 Total Host Reads
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

----------------------------------------------------------------------------
(2) ST1000LM035-1RK172
----------------------------------------------------------------------------
Model : ST1000LM035-1RK172
Firmware : SBM3
Serial Number : W932AB8M
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 6677 hod.
Power On Count : 2035 krát
Temperature : 29 C (84 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : D: E:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 _79 _48 __6 00000D5E0718 Počet chyb čtení
03 _99 _99 __0 000000000000 Čas na roztočení ploten
04 _97 _97 _20 000000000DDC Počet spuštění/zastavení
05 _66 _66 _36 000000005678 Počet přemapovaných sektorů
07 _71 _60 _45 00030224E29B Počet chybných hledání
09 _93 _93 __0 CFCB00001A15 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _99 _99 _20 0000000007F3 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB __1 __1 __0 00000000D1FF Ohlášeno neopravitelných chyb
BC 100 _95 __0 00010001021C Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _71 _47 _40 00001D19001D Teplota toku vzduchu
BF 100 100 __0 000000000368 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 000000000045 Počet vypnutí disku
C1 _91 _91 __0 00000000486A Počet cyklů načítání/vymazání
C2 _29 _53 __0 000A0000001D Teplota
C5 100 100 __0 000000000010 Počet podezřelých sektorů
C6 100 100 __0 000000000010 Počet neopravitelných sektorů
C7 200 199 __0 00000000016B Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 7487000015C9 Čas nastavování hlaviček - v hodinách
F1 100 253 __0 000530229BCC Total Host Writes
F2 100 253 __0 00062DB29889 Total Host Reads
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

Farbar
Because of the repeatedly mentioned problem with saving anything to the desktop, it is not possible to post the log here; see the screenshot:
http://imgbank.cz/image/9HU1

Scientific

Re: [HJT] Request for help

Post by Scientific » 09 Aug 2018 10:45

DOUBLE POST BECAUSE OF THE LONG FARBAR LOG

Farbar
Because of the repeatedly mentioned problem with saving anything to the desktop, it is not possible to post the log here; see the screenshot:
http://imgbank.cz/image/9HU1

Solved by moving it off the desktop:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by micro (administrator) on DESKTOP-QECKKTD (09-08-2018 10:32:04)
Running from C:\smazat
Loaded Profiles: micro & (Available Profiles: micro)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\IntelCpHDCPSvc.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki123713.inf_amd64_52ec64e5039f6591\igfxEM.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\pcdrwi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Simon Tatham) C:\Program Files (x86)\putty.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
(Martin Prikryl) C:\Program Files (x86)\WinSCP\WinSCP.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo32.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9231328 2017-07-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493984 2017-07-20] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1195376 2017-07-18] (Waves Audio Ltd.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3237808 2018-01-09] (Dominik Reichl)
HKU\S-1-5-21-923911699-2202984712-226111194-1001\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [2161152 2018-07-18] (ownCloud)
HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095128400\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [2161152 2018-07-18] (ownCloud)
HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095832251\...\Run: [ownCloud] => C:\Program Files (x86)\ownCloud\owncloud.exe [2161152 2018-07-18] (ownCloud)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ACCU-CHEK 360 Connection Manager.lnk [2018-02-09]
ShortcutTarget: ACCU-CHEK 360 Connection Manager.lnk -> C:\Program Files (x86)\Roche Diagnostics\ACCU-CHEK 360 Connection Manager\AcmServerApplication.exe (Roche)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{48c4f13b-a67b-4516-903a-55eeaee64d86}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60d39a54-b47d-46a6-981c-5e1b69c05fc2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f537de8f-0a81-4faf-8850-61efe7785a22}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-923911699-2202984712-226111194-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095128400\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095832251\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKU\S-1-5-21-923911699-2202984712-226111194-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923911699-2202984712-226111194-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095128400 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095128400 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095832251 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-923911699-2202984712-226111194-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08082018095832251 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: q5grcb9k.default-1516882595571
FF ProfilePath: C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571 [2018-08-09]
FF Homepage: Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571 -> about:newtab
FF NetworkProxy: Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571 -> backup.ftp", ""
FF Extension: (Firefox Multi-Account Containers) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\@testpilot-containers.xpi [2018-02-26]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\cs@dictionaries.addons.mozilla.org [2018-01-27] [Legacy]
FF Extension: (BuiltWith) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\gary@builtwith.com.xpi [2018-07-06]
FF Extension: (IP Address and Domain Information) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack.xpi [2018-03-02]
FF Extension: (I don't care about cookies) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2018-08-01]
FF Extension: (Privacy Badger) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2018-08-02]
FF Extension: (Page Hacker) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\pagehacker-nico@nc.xpi [2018-01-25]
FF Extension: (Proxy přepínač SwitchyOmega) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\switchyomega@feliscatus.addons.mozilla.org.xpi [2018-07-20]
FF Extension: (TinEye Reverse Image Search) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\tineye@ideeinc.com.xpi [2018-02-27]
FF Extension: (Popup-Blocker) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{0fde9597-0508-47ff-ad8a-793fa059c4e7}.xpi [2018-01-25]
FF Extension: (Flagfox) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2018-07-27]
FF Extension: (Disable JavaScript) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi [2018-07-02]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2018-03-07]
FF Extension: (Empty Cache Button) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2018-04-26]
FF Extension: (Javascript Control) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{591abe66-4392-4d7e-aad5-12f04be2539e}.xpi [2018-03-07]
FF Extension: (NoScript) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-07-28]
FF Extension: (Web of Trust) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-08-07]
FF Extension: (Adblock Plus) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-18]
FF Extension: (Quick JS Switcher) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{d7e0a6e7-9a50-490a-be5c-3b448be39b42}.xpi [2018-03-07]
FF Extension: (Tab Suspender (memory saver)) - C:\Users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q5grcb9k.default-1516882595571\Extensions\{e225ac78-5e83-484b-a16b-b6ed0924212f}.xpi [2018-01-25]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414728 2017-11-08] (Windows (R) Win 7 DDK provider)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [312864 2017-07-20] (Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236\DSAPI.exe [935744 2018-07-15] (PC-Doctor, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [1700968 2017-05-11] (Intel Corporation)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-12] (Foxit Software Inc.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413744 2017-07-01] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-06-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (CloudBees, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2017-07-20] (Realtek Semiconductor)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45016 2018-07-08] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [829816 2017-07-18] (Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-05-31] (Sony) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S3 Dell.CommandPowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{8262D0D2-F6AE-48F7-AABF-B6AEA69B6BC4}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [70544 2017-11-08] (Qualcomm)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74168 2017-05-11] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2017-05-11] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-03-04] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-03-04] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382392 2017-05-11] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54816 2017-06-12] (Intel Corporation)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [97912 2017-05-09] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70656 2017-07-01] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984040 2017-06-19] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-28] (Realsil Semiconductor Corporation)
R3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [348672 2018-04-12] (Realtek )
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-08-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-08-07] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
