Log check [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by labutak3 » 29 Mar 2019 13:17

Good day. Please check my log. Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:14:59, on 29.3.2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18377)
CHROME: 73.0.3683.86

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Users\Václav\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Václav\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE07DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost:8092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Shopping Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\Václav\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Václav\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Václav\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{917F7E68-1A78-43C2-A3C4-5ADFE18170C8}: NameServer = 192.168.51.250,192.168.51.252
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HP Touchpoint Analytics (HPTouchpointAnalyticsService) - HP Inc. - C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 13748 bytes

Post by jaro3 » 29 Mar 2019 17:57

Download ATF Cleaner
Double-click ATF Cleaner.exe, click "select all found", then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop. Click "I agree" to confirm the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears and opens (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware to your desktop, install it and run it.
- If the program is not up to date, click "Update Now" or "Fix Now".
- An update will be found and installed.
- Then click Start Scan.
- When the scan finishes, a message appears at the bottom right; click View Report, choose Export, then choose Copy to Clipboard and paste the entire log here. Or click "Text file (.txt)" and save the log.
- Otherwise the log can be found in the program by clicking "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- Then click the Finish button and close the program with the X at the top right.
(Don't delete anything yet!)
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.

Post by labutak3 » 29 Mar 2019 20:23

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 03-13-2019
# Database: 2019-03-25.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-29-2019
# Duration: 00:00:29
# OS: Windows 7 Home Premium
# Scanned: 25876
# Detected: 82


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Ask C:\ProgramData\AskPartnerNetwork
PUP.Optional.Ask C:\Program Files (x86)\AskPartnerNetwork
PUP.Optional.Ask C:\Users\Václav\AppData\Local\AskPartnerNetwork
PUP.Optional.Ask C:\ProgramData\Ask
PUP.Optional.Seznam.cz C:\Program Files (x86)\Seznam.cz
PUP.Optional.Seznam.cz C:\Users\Václav\AppData\Roaming\Seznam.cz
Rogue.ForcedExtension C:\ProgramData\apn

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\1w0gftvn.default-1471177166489\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****


(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 22
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A00-6A76-A76A-76A7-A758B70C2F04}, Žádná uživatelská akce, [3610], [245530],1.0.9914
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5354-2D53-5045-A758B70C2D01}, Žádná uživatelská akce, [3610], [245530],1.0.9914
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, Žádná uživatelská akce, [826], [186877],1.0.9914
PUP.Optional.ASK, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Žádná uživatelská akce, [2], [184157],1.0.9914
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Žádná uživatelská akce, [2], [184157],1.0.9914
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}, Žádná uživatelská akce, [2], [184157],1.0.9914
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\AskPartnerNetwork, Žádná uživatelská akce, [826], [186876],1.0.9914
PUP.Optional.ASK, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AC6CA086-7202-4CA7-818E-C45ACA66C0FD}, Žádná uživatelská akce, [2], [258454],1.0.9914
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, Žádná uživatelská akce, [826], [186877],1.0.9914
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Žádná uživatelská akce, [826], [186876],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\InprocServer32, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\InprocServer32, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\InprocServer32, Žádná uživatelská akce, [2018], [345551],1.0.9914

Hodnota v registru: 12
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A00-6A76-A76A-76A7-A758B70C2F04}|INSTALLSOURCE, Žádná uživatelská akce, [3610], [245530],1.0.9914
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5354-2D53-5045-A758B70C2D01}|INSTALLSOURCE, Žádná uživatelská akce, [3610], [245530],1.0.9914
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Žádná uživatelská akce, [2], [184157],1.0.9914
PUP.Optional.ASK, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Žádná uživatelská akce, [2], [184156],1.0.9914
PUP.Optional.ASK, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AC6CA086-7202-4CA7-818E-C45ACA66C0FD}|URL, Žádná uživatelská akce, [2], [258454],1.0.9914
PUP.Optional.ASK, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AC6CA086-7202-4CA7-818E-C45ACA66C0FD}|FAVICONURL, Žádná uživatelská akce, [2], [258454],1.0.9914
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, Žádná uživatelská akce, [2], [184157],1.0.9914
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gcncagkkhfoombgbihckkccmkjemhohl, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.ASK.Generic, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, Žádná uživatelská akce, [2018], [345551],1.0.9914
PUP.Optional.ASK, HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00000000-6E41-4FD3-8538-502F5495E5FC}, Žádná uživatelská akce, [2], [327345],1.0.9914

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 87
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, Žádná uživatelská akce, [826], [175062],1.0.9914
PUP.Optional.MindSpark.Generic, C:\USERS\VáCLAV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1W0GFTVN.DEFAULT-1471177166489\BROWSER-EXTENSION-DATA\_4jMembers_@www.radiorage.com, Žádná uživatelská akce, [1738], [468075],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\abstractbutton\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\embedscript\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\thirdparty\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\uninstall\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\embedhtml\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\weather\css, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\topapps\css, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\weather\js, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\weather\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\topapps\js, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\generic\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\radio\css, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\components\defaultSearch\foreground, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\components\defaultSearch\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\embedscript\html, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\alert\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\flare\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\radio\js, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\components\moviereviews\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\menu\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\topapps, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\components\link\background, Žádná uživatelská akce, [1738], [443122],1.0.9914
PUP.Optional.MindSpark.Generic, C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\12.9.6.8598_0\common\widget-api\widgets\weather, Žádná uživatelská akce, [1738], [443122],1.0.9914

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Log check

Post by jaro3 » 29 Mar 2019 21:02

And Malwarebytes' Anti-Malware?

+
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will perform the repair. After the automatic restart, click "Log file" and then double-click the corresponding log (C:\AdwCleaner [C?].txt), and paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. Scanning may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Diallix
Level 2
Posts: 243
Registered: October 08
Gender: Not specified

Re: Log check

Post by Diallix » 30 Mar 2019 07:43

After completing the steps above, please do the following:

- Download the FRST tool, 32/64-bit according to your system, from here: https://www.bleepingcomputer.com/downlo ... scan-tool/
- Save the FRST program to your desktop.
- Run FRST and, in the Whitelist box, tick the checkboxes Registry, Services, Drivers, Processes, Internet, and in the Optional Scan box tick Addition.txt.
- Continue with the Scan button.
- The scan will start, which may take a while.
- After the scan, paste the logs here: FRST + ADDITION

labutak3
Level 1.5
Posts: 126
Registered: March 10
Gender: Male

Re: Log check

Post by labutak3 » 30 Mar 2019 11:22

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 03-13-2019
# Database: 2019-03-25.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-29-2019
# Duration: 00:00:16
# OS: Windows 7 Home Premium
# Cleaned: 81
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\AskPartnerNetwork
Deleted C:\Program Files (x86)\AskPartnerNetwork
Deleted C:\Users\Václav\AppData\Local\AskPartnerNetwork
Deleted C:\ProgramData\Ask
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\Václav\AppData\Roaming\Seznam.cz
Deleted C:\ProgramData\apn

***** [ Files ] *****

Deleted C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\1w0gftvn.default-1471177166489\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\S-1-5-18\Software\AskPartnerNetwork
Deleted HKCU\Software\AskPartnerNetwork
Deleted HKU\.DEFAULT\Software\AskPartnerNetwork
Deleted HKLM\Software\Wow6432Node\AskPartnerNetwork
Deleted HKLM\Software\AskPartnerNetwork
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Deleted HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Deleted HKLM\Software\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Not Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Deleted HKLM\Software\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm

***** [ Chromium (and derivatives) ] *****

Deleted Allin1Convert
Deleted MSN Homepage & Bing Search Engine
Deleted McAfee Security Scan+
Deleted Seznam Lištička - Email
Deleted Seznam doplněk - Esko

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [10503 octets] - [29/03/2019 19:24:40]
AdwCleaner[S01].txt - [10565 octets] - [29/03/2019 22:58:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

labutak3
Level 1.5
Posts: 126
Registered: March 10
Gender: Male

Re: Log check

Post by labutak3 » 30 Mar 2019 11:26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Václav (Administrator) on so 30.03.2019 at 10:41:15,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 33

Failed to delete: C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\1w0gftvn.default-1471177166489\extensions\staged (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Václav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IG3EE81E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Václav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRNXVJGZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Václav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2MSWZUL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Václav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUSH8KCW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IG3EE81E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRNXVJGZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2MSWZUL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUSH8KCW (Temporary Internet Files Folder)



Registry: 6

Successfully deleted: HKCU\Software\Google\Chrome\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Registry Key)
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Registry Key)
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9706EE9D-A412-415A-A220-087DB32826B1} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 30.03.2019 at 10:45:05,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

labutak3
Level 1.5
Posts: 126
Registered: March 10
Gender: Male

Re: Log check

Post by labutak3 » 30 Mar 2019 11:26

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Václav (administrator) on VACLAV (30-03-2019 10:55:16)
Running from C:\Users\Václav\Desktop
Loaded Profiles: Václav (Available Profiles: Václav)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Communications Inc. -> Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(PDF Complete Inc. -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-21] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-01] (Atheros Communications Inc. -> Atheros Communications) [File not signed]
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) [File not signed]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-03-26] (PDF Complete Inc. -> PDF Complete Inc)
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\...\Run: [Google Update] => C:\Users\Václav\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-23] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\...\MountPoints2: {3b4f6b0d-e3e2-11e1-9882-74de2b222207} - F:\MI.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1552833122-1532610881-2548711782-1000] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{917F7E68-1A78-43C2-A3C4-5ADFE18170C8}: [NameServer] 192.168.51.250,192.168.51.252
Tcpip\..\Interfaces\{D62F29B8-A3DD-4F59-8357-DD8170D2DFD6}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDF
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {023FB5AB-E551-4A99-A105-A44DAD08BCA2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {1393AAC5-0460-49B3-9496-CA91EA561E70} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {5EDFBC0F-84ED-4AF9-8076-938609288DE1} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {721F2F86-147B-41AE-ABFD-7A294A995F4D} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {8072144D-EE65-4CC8-A991-DC186EE931AE} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {A97BCDD0-0F21-4618-84DD-34F33F2242B6} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {B2A27D46-5682-4D73-AD60-0FE6778893B5} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {E1D089D0-557F-4AD9-A5B2-C81819E82A1B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation -> Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc. -> HP Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation -> Microsoft Corporation.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\1w0gftvn.default-1471177166489 [2019-03-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1552833122-1532610881-2548711782-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Václav\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-1552833122-1532610881-2548711782-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Václav\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTab.html"
CHR Profile: C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default [2019-03-29]
CHR Extension: (YouTube) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-06]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2018-03-09]
CHR Extension: (Skype) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (No Name) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2019-02-17]
CHR Extension: (Gmail) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-28]
CHR HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.3TMGXG427BJOSGWVTEEMIHPMSU - C:\Users\Václav\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros Communications Inc. -> Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1804352 2018-03-26] (PDF Complete Inc. -> PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation -> Xobni Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2768384 2011-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2011-02-09] (CyberLink -> CyberLink Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12256512 2010-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation -> Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation -> Microsoft Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
U3 aswbdisk; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-30 10:55 - 2019-03-30 10:56 - 000022534 _____ C:\Users\Václav\Desktop\FRST.txt
2019-03-30 10:54 - 2019-03-30 10:55 - 000000000 ____D C:\FRST
2019-03-30 10:54 - 2019-03-30 10:49 - 002434048 _____ (Farbar) C:\Users\Václav\Desktop\FRST64.exe
2019-03-30 10:49 - 2019-03-30 10:49 - 002434048 _____ (Farbar) C:\Users\Václav\Downloads\FRST64.exe
2019-03-30 10:45 - 2019-03-30 10:45 - 000005347 _____ C:\Users\Václav\Desktop\JRT.txt
2019-03-30 10:39 - 2019-03-30 10:39 - 001790024 _____ (Malwarebytes) C:\Users\Václav\Downloads\JRT.exe
2019-03-30 06:56 - 2019-03-30 06:56 - 000073153 _____ C:\Users\Václav\Documents\test.txt
2019-03-29 22:53 - 2019-03-29 22:54 - 007039184 _____ (Malwarebytes) C:\Users\Václav\Downloads\adwcleaner_7.3(1).exe
2019-03-29 20:11 - 2019-03-29 20:21 - 000080464 _____ C:\Users\Václav\Documents\soubor.txt
2019-03-29 20:11 - 2019-03-29 20:11 - 012846828 _____ C:\Users\Václav\Downloads\Malwarebytes-Mac-3.7.34.2263(1).pkg
2019-03-29 19:50 - 2019-03-29 19:50 - 000000000 ____D C:\Users\Václav\AppData\Local\mbam
2019-03-29 19:49 - 2019-03-29 19:49 - 000000000 ____D C:\Users\Václav\AppData\Local\mbamtray
2019-03-29 19:45 - 2019-03-29 19:47 - 062504568 _____ (Malwarebytes ) C:\Users\Václav\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.563-1.0.9892.exe
2019-03-29 19:32 - 2019-03-29 19:33 - 012846828 _____ C:\Users\Václav\Downloads\Malwarebytes-Mac-3.7.34.2263.pkg
2019-03-29 19:23 - 2019-03-29 22:59 - 000000000 ____D C:\AdwCleaner
2019-03-29 19:22 - 2019-03-29 19:22 - 007039184 _____ (Malwarebytes) C:\Users\Václav\Downloads\adwcleaner_7.3.exe
2019-03-29 18:38 - 2019-03-29 18:38 - 000448512 _____ (OldTimer Tools) C:\Users\Václav\Downloads\TFC.exe
2019-03-29 18:29 - 2019-03-29 18:29 - 000050688 _____ (Atribune.org) C:\Users\Václav\Downloads\ATF-Cleaner.exe
2019-03-29 13:14 - 2019-03-29 13:14 - 000388608 _____ (Trend Micro Inc.) C:\Users\Václav\Downloads\HijackThis.exe
2019-03-28 10:46 - 2019-03-28 14:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-03-26 13:23 - 2019-03-27 12:23 - 000914701 _____ C:\Users\Václav\Documents\41_Kooperativa_Zp_101_ukonceni_smlouvy_03_2018_final_6.pdf
2019-03-20 23:15 - 2019-03-20 23:15 - 000204439 _____ C:\Users\Václav\Documents\vykaz_1.pdf
2019-03-20 23:14 - 2019-03-20 23:14 - 000191502 _____ C:\Users\Václav\Documents\vykaz_2.pdf
2019-03-16 13:34 - 2019-03-16 13:35 - 000000000 ____D C:\Users\Václav\Desktop\Flasch
2019-03-16 12:50 - 2019-03-16 12:50 - 000012769 _____ C:\Users\Václav\Downloads\seznam členů.xlsx
2019-03-16 12:06 - 2019-03-16 12:19 - 000000000 ____D C:\Users\Václav\Desktop\Knihy
2019-03-16 11:47 - 2019-03-21 07:12 - 000000000 ____D C:\Users\Václav\Desktop\Články do novin
2019-03-15 11:03 - 2019-03-15 11:03 - 000000000 ___RD C:\Users\Václav\Desktop\VACLAV
2019-03-09 18:22 - 2019-03-09 18:22 - 000001086 _____ C:\Users\Václav\Documents\Dokumenty – zástupce.lnk
2019-03-09 15:32 - 2019-03-06 19:30 - 1471711224 _____ C:\Users\Václav\Desktop\Labuť 2018.mp4
2019-03-09 15:29 - 2019-03-09 16:39 - 010093428 _____ C:\Users\Václav\Documents\MDŽ.pptx
2019-03-09 12:06 - 2019-03-09 15:17 - 142221798 _____ C:\Users\Václav\Documents\Prezentace1.mp4
2019-03-09 06:53 - 2019-03-09 06:53 - 015616567 _____ C:\Users\Václav\Downloads\Obnovený hit.mp4
2019-03-06 19:05 - 2019-03-06 19:06 - 000448984 _____ C:\Users\Václav\Downloads\Skener_20190306 (5)-compressed.pdf
2019-03-06 19:02 - 2019-03-06 19:03 - 000472916 _____ C:\Users\Václav\Downloads\Skener_20190306 (4)-compressed(1).pdf
2019-03-06 19:01 - 2019-03-06 19:01 - 000472916 _____ C:\Users\Václav\Downloads\Skener_20190306 (4)-compressed.pdf
2019-03-06 18:50 - 2019-03-06 18:50 - 005308645 _____ C:\Users\Václav\Documents\Skener_20190306 (4).7z

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-30 10:52 - 2016-12-07 13:17 - 000000000 ____D C:\Users\Václav\AppData\LocalLow\Mozilla
2019-03-30 09:19 - 2009-07-14 05:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-30 09:19 - 2009-07-14 05:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-30 09:08 - 2011-05-10 00:48 - 000669132 _____ C:\Windows\system32\perfh005.dat
2019-03-30 09:08 - 2011-05-10 00:48 - 000141760 _____ C:\Windows\system32\perfc005.dat
2019-03-30 09:08 - 2009-07-14 06:13 - 001584626 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-30 09:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2019-03-30 09:04 - 2018-02-25 06:36 - 000000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2019-03-30 09:04 - 2011-05-09 15:24 - 000000000 ____D C:\ProgramData\PDFC
2019-03-30 09:04 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-29 18:09 - 2018-12-22 09:49 - 000086016 ___SH C:\Users\Václav\Desktop\Thumbs.db
2019-03-29 13:05 - 2018-02-27 08:42 - 000000000 ____D C:\Users\Václav\Documents\Záloha registrů
2019-03-29 13:02 - 2012-03-24 08:47 - 000000000 ____D C:\Users\Václav\AppData\Local\CrashDumps
2019-03-28 14:39 - 2013-07-06 20:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-28 11:59 - 2012-01-31 19:17 - 000003564 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000UA
2019-03-28 11:59 - 2012-01-31 19:17 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000Core
2019-03-27 10:57 - 2014-03-18 20:42 - 000000000 ____D C:\Users\Václav\AppData\Local\Windows Live
2019-03-27 08:43 - 2019-02-20 07:03 - 000000336 _____ C:\Windows\Tasks\HPCeeScheduleForVáclav.job
2019-03-27 06:43 - 2019-02-20 07:03 - 000003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForVáclav
2019-03-26 17:26 - 2012-01-31 19:19 - 000002424 _____ C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-25 19:58 - 2019-02-10 10:55 - 000000000 ____D C:\Users\Václav\Documents\Článka do novin 2019
2019-03-24 21:52 - 2018-02-24 10:30 - 000000000 ____D C:\Users\Václav\Documents\Články do novin 2018
2019-03-15 19:45 - 2018-02-24 11:17 - 000000000 ____D C:\Users\Václav\Documents\Bluetooth Folder
2019-03-13 10:06 - 2018-03-13 18:53 - 000004526 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-03-13 10:06 - 2012-04-27 06:57 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-03-13 10:06 - 2012-04-27 06:57 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-03-13 10:06 - 2012-02-01 06:22 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-13 10:06 - 2012-02-01 06:22 - 000000000 ____D C:\Windows\system32\Macromed
2019-03-13 10:06 - 2011-05-09 15:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-03-12 17:56 - 2018-03-12 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-12 17:56 - 2017-11-27 17:53 - 000001310 _____ C:\Users\Public\Desktop\Skype.lnk
2019-03-11 07:27 - 2018-02-14 09:21 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-03-10 15:20 - 2009-07-14 06:08 - 000032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-03-08 19:03 - 2019-02-10 18:20 - 000000000 ____D C:\Users\Václav\Documents\Recepty
2019-03-04 18:55 - 2015-03-26 20:37 - 000000000 ____D C:\Users\Václav\Documents\Kronika Labuť
2019-03-01 16:27 - 2017-11-03 17:26 - 000000000 ____D C:\Users\Václav\Desktop\Domácí evidence

==================== Files in the root of some directories =======

2012-03-24 18:18 - 2009-09-24 07:50 - 003520256 _____ (Ghisler Software GmbH) C:\Program Files (x86)\TOTALCMD.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-04 07:14

==================== End of FRST.txt ============================


Re: Log check

Post by labutak3 » 30 Mar 2019 11:27

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Václav (30-03-2019 10:56:54)
Running from C:\Users\Václav\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-31 11:41:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1552833122-1532610881-2548711782-500 - Administrator - Disabled)
Guest (S-1-5-21-1552833122-1532610881-2548711782-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1552833122-1532610881-2548711782-1002 - Limited - Enabled)
Václav (S-1-5-21-1552833122-1532610881-2548711782-1000 - Administrator - Enabled) => C:\Users\Václav

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.06 (x64) (HKLM\...\7-Zip) (Version: 18.06 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Balíček ovladače systému Windows - Hewlett-Packard Image (04/27/2007 9.0.0.0) (HKLM\...\A6BCA7876CD547CFB5821019998F044515D81B74) (Version: 04/27/2007 9.0.0.0 - Hewlett-Packard)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089453) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WT089498) (Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.60 - Atheros Communications)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WT089470) (Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (HKLM-x32\...\WT089504) (Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{B97E3520-C726-475E-BC0C-7561952633AB}) (Version: 1.2.1 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{A312ABBC-E4A0-4595-BB69-95AFF48A9838}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.7.50.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{83D9E6C0-5F20-49B4-9ACF-80A24A1A045D}) (Version: 12.10.49.21 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Wireless Assistant (HKLM\...\{B962DFD6-45C1-49D8-AEBA-197BF6576D29}) (Version: 4.0.10.0 - Hewlett-Packard)
Chuzzle Deluxe (HKLM-x32\...\WT089454) (Version: 2.2.0.95 - WildTangent) Hidden
ICP 9.0 (HKLM\...\ICP install2_is1) (Version: - )
ImageConverter Plus 8.0 (HKLM-x32\...\ImageConverter Plus_is1) (Version: 8.0.105 (build: 110201) - fCoder Group, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Mah Jong Medley (HKLM-x32\...\WT087393) (Version: 2.2.0.95 - WildTangent) Hidden
Mariáš 3.1 (HKLM-x32\...\{BA58C040-B206-41BB-92CF-D0A2975477BB}) (Version: 3.1.0 - Ganttsoft)
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 66.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 66.0.2 (x64 cs)) (Version: 66.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 66.0.2.7024 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WT089496) (Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089484) (Version: 2.2.0.95 - WildTangent) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nero 7 Premium (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.36 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089458) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}) (Version: 1.0.22 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.40 (HKLM-x32\...\Skype_is1) (Version: 8.40 - Skype Technologies S.A.)
Slingo Supreme (HKLM-x32\...\WT089457) (Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.3 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB3115033) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{BD10518F-3463-429E-8761-0AEDCEEA6297}) (Version: - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
WhatsApp (HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\...\WhatsApp) (Version: 0.3.1847 - WhatsApp)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (HKLM-x32\...\{8DC069E7-893C-41E1-9442-DE89FEC33371}) (Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (HKLM-x32\...\WT089455) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\...\ChromeHTML: -> C:\Users\Václav\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Václav\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Václav\AppData\Local\Google\Chrome\Application\73.0.3683.86\notification_helper.exe (Google LLC -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Václav\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll (Google Inc -> Google LLC)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers1: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\Windows\system32\cnvshell.dll [2013-03-03] (fCoder Group, Inc. -> fCoder Group International)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-06-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-04-05] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2011-03-01] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-04-05] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-12-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\Windows\system32\cnvshell.dll [2013-03-03] (fCoder Group, Inc. -> fCoder Group International)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2010-04-05] (WinZip Computing -> WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {117BA244-D33E-41A0-A1F6-1C263E08EF23} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {12D4B1D5-86A2-49D9-86AD-835AD21E7002} - System32\Tasks\HPCeeScheduleForVáclav => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {23459481-FCA8-4742-93BC-F6265876B894} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {2EB476B4-F601-4D45-A993-B06EC125E1A2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {34818E82-94FE-4F19-A58D-20CBBB57C95E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {39117275-B7A0-426B-8860-5F35492BAB12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {3992859E-3F38-445B-97AE-92C9074DAF54} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {3E8F2C2A-10C2-44FB-813D-4610F8504238} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {3E8F2C2A-10C2-44FB-813D-4610F8504238} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {3E8F2C2A-10C2-44FB-813D-4610F8504238} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {764C3B71-A68E-4677-A91E-AAA530789FF8} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe (Hewlett-Packard Company -> Hewlett-Packard)
Task: {784C2AD3-08C4-419E-83A0-4FC62AA00EB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000UA => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {7B66F197-4C2D-473B-99FF-BC5EDCE66C5D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {7B66F197-4C2D-473B-99FF-BC5EDCE66C5D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {7CE168D5-3567-4C69-97A9-BB65749F1D98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000Core => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {83F39DF1-1D03-4E83-9BCD-5507996292AA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink -> CyberLink)
Task: {85D5D0A4-E307-4AD8-9850-AA80128BBF0B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> )
Task: {86D32953-B049-42A3-BE6A-86C3F020840E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A1770A7F-915C-4FE3-98C2-AC5F82662D8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {A963FDBB-D94D-41C8-9E67-B2FB0EFAD34F} - System32\Tasks\{02642639-9FE2-4FE6-8F1A-D537394EB920} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {B06C742E-623A-47BF-894A-E26BB1E77349} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {B06C742E-623A-47BF-894A-E26BB1E77349} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {C58881E2-0128-4005-B39A-10C8D76601D5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {C58881E2-0128-4005-B39A-10C8D76601D5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Windows -> Microsoft Corporation)
Task: {CB82F81B-FDEB-47B7-B41A-DC34F517A0E1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D4C63B00-2E28-4B50-8B62-03C2AB7F8A76} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd -> Piriform Ltd)
Task: {E4C1BB68-3F52-45C4-AEC5-EA455D5C062A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F1F48C4A-7954-459C-9295-55EC228E9153} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {FE90CD1B-81A0-4A75-89C3-78D7BF129381} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForVáclav.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2017-09-13 11:36 - 2011-08-09 17:46 - 000443040 _____ (Atheros Communications Inc. -> Atheros) [File not signed] C:\Windows\system32\athihvs.dll
2012-03-20 16:10 - 2010-05-16 05:00 - 000344064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMA4.DLL
2012-03-20 16:10 - 2010-05-16 05:00 - 000028672 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\CNMPDA4.DLL
2011-03-01 14:44 - 2011-03-01 14:44 - 000138400 _____ (Atheros Communications Inc. -> Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
2011-03-01 14:43 - 2011-03-01 14:43 - 000076448 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
2012-02-01 07:02 - 2012-02-01 07:02 - 001654784 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL
2011-03-01 14:43 - 2011-03-01 14:43 - 000061088 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll
2011-03-01 14:44 - 2011-03-01 14:44 - 000425632 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll
2011-03-01 14:43 - 2011-03-01 14:43 - 000181408 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll
2011-03-01 14:44 - 2011-03-01 14:44 - 002233504 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Bluetooth Suite\OutLookLib.dll
2012-02-01 07:02 - 2012-02-01 07:02 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.DLL
2019-01-22 11:25 - 2018-12-30 08:00 - 000077824 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2011-09-30 13:12 - 2010-12-28 01:30 - 001817088 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2012-02-01 07:03 - 2012-02-01 07:03 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-09-30 13:12 - 2010-12-10 18:07 - 000120832 _____ (Realsil Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
2016-12-09 18:05 - 2016-12-09 18:05 - 000474624 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c3c300c796341c62acd102d7d8c4ee22\IAStorUtil.ni.dll
2011-09-30 13:10 - 2010-09-13 17:28 - 000032768 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\cs-CZ\IAStorIcon.resources.dll
2011-09-30 13:10 - 2010-09-13 17:28 - 001108480 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2011-09-30 13:10 - 2010-09-13 17:28 - 000004608 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\cs-CZ\IntelVisualDesign.resources.dll
2014-10-19 10:49 - 2014-10-19 10:49 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\802a9bff6be56d5ea8384d20bee78562\IAStorCommon.ni.dll
2011-09-30 13:10 - 2010-09-13 17:28 - 000165376 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2003-03-19 06:14 - 2003-03-19 06:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll
2003-02-21 14:42 - 2003-02-21 14:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll
2016-12-09 18:05 - 2016-12-09 18:05 - 000019968 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\0550cfa876407c90445560836c075e8a\IAStorDataMgrSvc.ni.exe
2016-12-09 18:05 - 2016-12-09 18:05 - 000219136 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\3c2800f656f07b3072c69728f4f6aa4a\IAStorDataMgr.ni.dll
2016-12-09 18:05 - 2016-12-09 18:05 - 000169472 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\22e6307b0cd5955ebf3f8abd9e3ab58d\IsdiInterop.ni.dll
2011-09-30 13:10 - 2010-09-13 17:28 - 000058880 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-09-30 13:10 - 2010-09-13 17:25 - 000275456 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2012-02-01 07:13 - 2012-02-01 07:13 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2011-09-30 13:10 - 2010-09-13 17:28 - 000006656 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\cs-CZ\IAStorDataMgr.resources.dll
2011-09-30 13:11 - 2010-12-31 20:44 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2011-09-30 13:11 - 2010-12-31 20:44 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-03-21 18:06 - 000000848 _____ C:\Windows\system32\drivers\etc\hosts


2012-01-31 13:20 - 2012-01-31 16:19 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D8E3557B-ECA1-47D8-8B72-4D2A5BCB0F8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FCF131FD-945A-4422-AFED-AABC725B7229}] => (Allow) LPort=2869
FirewallRules: [{7E323A61-D177-4290-B8B3-531F7B823B0A}] => (Allow) LPort=1900
FirewallRules: [{468DB2EB-FCC1-43D3-9F39-14FBC84B82D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AC061861-C727-448E-8A11-13E9D8EF5063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{63C453F7-2004-4400-93E5-515479EC5268}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{FDCC91A6-B7CB-49E4-9A41-B6DF338DE41E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F3F78F89-9FF7-4A4D-8DDA-607C60D56B48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BB645954-1214-401D-B2A4-D279707444D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E9CDC655-0275-48A0-8183-48D19BC6D622}C:\users\václav\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\václav\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{9A790581-6E81-4BFB-9561-8BE864920E4F}C:\users\václav\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\václav\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [TCP Query User{26DD2731-973B-4563-8065-C672B3D62423}C:\users\václav\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\václav\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [UDP Query User{48421560-632D-4C55-B0E3-59B221843711}C:\users\václav\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\václav\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{84A37B2B-A42F-4333-BEA4-53848E0F5F27}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{D5AD2FBA-9B69-495B-9F45-86E6320C8AA4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{F31CE401-3DE6-4151-94A9-0DD1AB313CB3}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F169DBEB-820A-4229-8213-51BAD5490207}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

21-02-2019 06:33:33 Windows Update
28-02-2019 06:38:45 Windows Update
07-03-2019 06:47:13 Windows Update
12-03-2019 10:18:42 Windows Zálohování
14-03-2019 06:26:58 Windows Update
21-03-2019 06:26:32 Windows Update
28-03-2019 06:23:30 Windows Update
30-03-2019 10:40:25 JRT Pre-Junkware Removal
30-03-2019 10:41:16 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2019 09:04:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2019 06:30:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2019 11:01:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2019 06:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2019 06:09:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2019 12:27:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2019 09:07:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2019 06:58:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/30/2019 07:08:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware zjistil chybu při pokusu o aktualizaci podpisů.

Nová verze podpisu:

Předchozí verze podpisu: 1.291.553.0

Zdroj aktualizace: Server Microsoft Update

Fáze aktualizace: Vyhledat

Zdrojová cesta: http://www.microsoft.com

Typ podpisu: Antivirový program

Typ aktualizace: Úplné

Uživatel: NT AUTHORITY\SYSTEM

Aktuální verze modulu:

Předchozí verze modulu: 1.1.15800.1

Kód chyby: 0x8024001e

Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Error: (03/29/2019 11:00:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\athihvs.dll

Error: (03/29/2019 11:00:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\athihvs.dll

Error: (03/29/2019 11:00:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\athihvs.dll

Error: (03/29/2019 10:59:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\athihvs.dll

Error: (03/29/2019 10:59:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\athihvs.dll

Error: (03/29/2019 10:59:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management and Security Application User Notification Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/29/2019 10:59:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Touchpoint Analytics byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================

Date: 2012-02-02 19:56:18.592
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VCLAV~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-02-02 19:56:18.576
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\VCLAV~1\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-02-02 19:56:18.436
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-02-02 19:56:18.404
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz
Percentage of memory in use: 92%
Total physical RAM: 3947.86 MB
Available physical RAM: 306.45 MB
Total Virtual: 7893.91 MB
Available Virtual: 3914.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:449.89 GB) (Free:355.86 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.57 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{1a19f044-4bef-11e1-b762-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
\\?\Volume{1a19f047-4bef-11e1-b762-806e6f6e6963}\ (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 1B0CEA89)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================


Re: Log check

Post by jaro3 » 31 Mar 2019 20:26

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {023FB5AB-E551-4A99-A105-A44DAD08BCA2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {1393AAC5-0460-49B3-9496-CA91EA561E70} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {5EDFBC0F-84ED-4AF9-8076-938609288DE1} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {721F2F86-147B-41AE-ABFD-7A294A995F4D} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {8072144D-EE65-4CC8-A991-DC186EE931AE} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {A97BCDD0-0F21-4618-84DD-34F33F2242B6} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {B2A27D46-5682-4D73-AD60-0FE6778893B5} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {E1D089D0-557F-4AD9-A5B2-C81819E82A1B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
CHR HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.3TMGXG427BJOSGWVTEEMIHPMSU - C:\Users\Václav\AppData\Local\Google\Chrome\Application\chrome.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {784C2AD3-08C4-419E-83A0-4FC62AA00EB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000UA => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {7CE168D5-3567-4C69-97A9-BB65749F1D98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000Core => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

EmptyTemp:
End

(You can use the "Select all" function; right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

Sophos Virus Removal Tool is a handy software tool that could remove infections that an antivirus program does not detect.
Download it here from one of the links:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data, and you do not even know you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can also install the Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove any viruses it finds. A restart may be required.
If viruses were found, click "Details…" after the scan and then "View log file". Copy the entire log and paste it here. Then close "threat detail" and click "Start cleanup".
Otherwise, the log is located here:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10, run RogueKiller.exe as administrator; on XP, double-click it.
- Click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then "Open TXT" in the window, and copy the entire content of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
- If the log has more than 60,000 characters, split it and paste it into several posts.

Further links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Log check

Post by labutak3 » 01 Apr 2019 14:22

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Václav (31-03-2019 23:54:23) Run:1
Running from C:\Users\Václav\Desktop
Loaded Profiles: Václav (Available Profiles: Václav)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {023FB5AB-E551-4A99-A105-A44DAD08BCA2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {1393AAC5-0460-49B3-9496-CA91EA561E70} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {5EDFBC0F-84ED-4AF9-8076-938609288DE1} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {721F2F86-147B-41AE-ABFD-7A294A995F4D} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {8072144D-EE65-4CC8-A991-DC186EE931AE} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {A97BCDD0-0F21-4618-84DD-34F33F2242B6} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {B2A27D46-5682-4D73-AD60-0FE6778893B5} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {E1D089D0-557F-4AD9-A5B2-C81819E82A1B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-1552833122-1532610881-2548711782-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
CHR HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.3TMGXG427BJOSGWVTEEMIHPMSU - C:\Users\V�clav\AppData\Local\Google\Chrome\Application\chrome.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {784C2AD3-08C4-419E-83A0-4FC62AA00EB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000UA => C:\Users\V�clav\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {7CE168D5-3567-4C69-97A9-BB65749F1D98} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000Core => C:\Users\V�clav\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => removed successfully
HKLM\Software\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => not found
"HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{023FB5AB-E551-4A99-A105-A44DAD08BCA2} => removed successfully
HKLM\Software\Classes\CLSID\{023FB5AB-E551-4A99-A105-A44DAD08BCA2} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1393AAC5-0460-49B3-9496-CA91EA561E70} => removed successfully
HKLM\Software\Classes\CLSID\{1393AAC5-0460-49B3-9496-CA91EA561E70} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EDFBC0F-84ED-4AF9-8076-938609288DE1} => removed successfully
HKLM\Software\Classes\CLSID\{5EDFBC0F-84ED-4AF9-8076-938609288DE1} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721F2F86-147B-41AE-ABFD-7A294A995F4D} => removed successfully
HKLM\Software\Classes\CLSID\{721F2F86-147B-41AE-ABFD-7A294A995F4D} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8072144D-EE65-4CC8-A991-DC186EE931AE} => removed successfully
HKLM\Software\Classes\CLSID\{8072144D-EE65-4CC8-A991-DC186EE931AE} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A97BCDD0-0F21-4618-84DD-34F33F2242B6} => removed successfully
HKLM\Software\Classes\CLSID\{A97BCDD0-0F21-4618-84DD-34F33F2242B6} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2A27D46-5682-4D73-AD60-0FE6778893B5} => removed successfully
HKLM\Software\Classes\CLSID\{B2A27D46-5682-4D73-AD60-0FE6778893B5} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1D089D0-557F-4AD9-A5B2-C81819E82A1B} => removed successfully
HKLM\Software\Classes\CLSID\{E1D089D0-557F-4AD9-A5B2-C81819E82A1B} => not found
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => removed successfully
HKLM\Software\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000} => removed successfully
"HKLM\Software\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}" => removed successfully
HKU\S-1-5-21-1552833122-1532610881-2548711782-1000\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.3TMGXG427BJOSGWVTEEMIHPMSU\shell\open\command\\Default => value restored successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{784C2AD3-08C4-419E-83A0-4FC62AA00EB4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{784C2AD3-08C4-419E-83A0-4FC62AA00EB4}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CE168D5-3567-4C69-97A9-BB65749F1D98}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CE168D5-3567-4C69-97A9-BB65749F1D98}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1552833122-1532610881-2548711782-1000Core" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14386342 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2737734 B
Edge => 0 B
Chrome => 1010064 B
Firefox => 1089388216 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 49569 B
LocalService => 0 B
NetworkService => 1239065302 B
Václav => 4839563 B

RecycleBin => 12850738 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:59:53 ====



RogueKiller Anti-Malware V13.1.9.0 (x64) [Mar 27 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Václav [Administrator]
Started from : C:\Users\Václav\Desktop\RogueKiller_portable64.exe
Signatures : 20190326_132530, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/04/01 13:01:11 (Duration : 00:35:52)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.Tific (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1552833122-1532610881-2548711782-1000\Software\Tific -- N/A -> Found
>>>>>> R5 - Proxy
[PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1552833122-1532610881-2548711782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable -- 1 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.InstallCore (Potentially Malicious)] (file) ssins.exe -- (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


Re: Log check

Post by jaro3 » 01 Apr 2019 19:05

Close all programs and browsers. Deactivate the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom;
after it finishes, tick everything (put check marks to the left of the findings, in the white boxes)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy the log, and paste the content of that report here, please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.

Download Malwarebytes' Anti-Malware to the desktop, install it and run it
- If the program is not up to date, click the "Update now" or "Fix now" option.
- An update will be found and installed.
- Then click "Start scan".
- After the scan completes, a message appears at the bottom right; click "View report", choose "Export", then "Copy to clipboard", and paste the entire log here. Or click "Text file (.txt)" and save the log.
- Otherwise, the log can be found in the program by clicking "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- Then click the "Finish" button and close the program with the cross at the top right.
(Do not delete anything yet!)
If there are problems, run it in safe mode.

