
Strange pages keep popping up in Chrome

Astronaut
Visitor
Posts: 15
Registered: 24 Aug 2016 02:58

Strange pages keep popping up in Chrome

#1 Post by Astronaut »

Good morning,
I wanted to download the current version of an application, and instead of an installation, Google Chrome closed and reopened, and since then a tab with some advertisement occasionally pops up when I click the mouse in Chrome...
I reset Chrome's settings and ran AdwCleaner on the computer, but it's still there. An extension that I hadn't put there appeared among Chrome's extensions, so I deleted it. Maybe that was the cause, but I would rather ask for a check of the log.
Thank you very much

By the way, Chrome blocked my download of FRSTLauncher (http://viry.xf.cz/pro_usery/FRSTLauncher.exe), saying it is a malicious file, so I downloaded it with a different browser.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Cecko (administrator) on CECKO-PC (24-08-2016 03:50:24)
Running from C:\Users\Cecko\Desktop
Loaded Profiles: Cecko (Available Profiles: Cecko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files\Gramblr\gramblr.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Razer Inc.) D:\Programy\Razer\Razer Game Booster\RzKLService.exe
(LULU SOFTWARE LIMITED) D:\Programy\Soda PDF 3D Reader\creator-ws.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) D:\Programy\Microsoft Office\Office12\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(IObit) D:\Programy\IObit\Game Booster 3\gbtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Cecko\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [GrooveMonitor] => d:\programy\microsoft office\office12\groovemonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\Run: [Xvid] => C:\Programy\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\Run: [HotkeyP] => C:\Users\Cecko\Downloads\hotkeyp\HotkeyP.exe [147456 2012-11-20] (Petr Laštovička)
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\MountPoints2: {e4284d93-de05-11e3-9b84-b8ac6f55ccb5} - G:\Setup.now.exe
Startup: C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk [2015-01-05]
ShortcutTarget: MultiSkypeLauncher.lnk -> D:\Programy\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
Startup: C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-08-09]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> D:\Programy\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2153277708-1227587191-2765475175-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
Hosts: 127.0.0.1 nlsk.neulion.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{610AFE7D-7EF5-4778-91A3-B1E3904A5AC9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C5112575-C41F-401D-9812-E71002D93DF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Soda PDF 3D Reader Helper -> {841263D3-B7F7-42B7-9C72-0959BDBEC346} -> D:\Programy\Soda PDF 3D Reader\creator-ie-helper.dll [2015-03-06] (LULU SOFTWARE LIMITED)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
Toolbar: HKLM-x32 - Soda PDF 3D Reader Toolbar - {4DB8FC50-B206-44B3-9B28-442F326056B9} - D:\Programy\Soda PDF 3D Reader\creator-ie-plugin.dll [2015-03-06] (LULU SOFTWARE LIMITED)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-06-29] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2153277708-1227587191-2765475175-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cecko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2153277708-1227587191-2765475175-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-06-29] (Pando Networks)
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\7Vz@A0yUTx.com [2016-08-21] [not signed]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\artur.dubovoy@gmail.com [2016-08-21]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\d2@1S0XPfEf6.edu [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\h@Gol2yQF.net [2016-08-21] [not signed]
FF Extension: bestadblocker - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\NCg6F@cl.net [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\NK0c@Sie2FyD.edu [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\u1qav@3kcnp.com [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\uAn3@r.edu [2016-08-21] [not signed]
FF Extension: Adblock Plus - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_3d_reader@sodapdf.com] - D:\Programy\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension
FF Extension: Soda PDF 3D Reader Creator - D:\Programy\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension [2015-11-09] [not signed]
StartMenuInternet: FIREFOX.EXE - C:\Programy\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-30]
CHR Extension: (The Great Suspender) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-10-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Cecko\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10081872 2016-08-21] () [File not signed]
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-12-19] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [864464 2015-12-19] (AnchorFree Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
S3 LULU Software CrashHandler; D:\Programy\Soda PDF 3D Reader\crash-handler-ws.exe [784152 2015-03-06] (LULU SOFTWARE LIMITED)
S3 Microsoft Office Groove Audit Service; D:\Programy\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 RzKLService; D:\Programy\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S3 Soda PDF 3D Reader; D:\Programy\Soda PDF 3D Reader\ws.exe [1860888 2015-03-06] (LULU SOFTWARE LIMITED)
R2 Soda PDF 3D Reader Creator; D:\Programy\Soda PDF 3D Reader\creator-ws.exe [623384 2015-03-06] (LULU SOFTWARE LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-24 03:50 - 2016-08-24 03:51 - 00015291 _____ C:\Users\Cecko\Desktop\FRST.txt
2016-08-24 03:48 - 2016-08-24 03:48 - 00112640 _____ (forum.viry.cz) C:\Users\Cecko\Downloads\Nepotvrzeno 483017.crdownload
2016-08-24 03:48 - 2016-08-24 03:48 - 00112640 _____ (forum.viry.cz) C:\Users\Cecko\Desktop\FRSTLauncher.exe
2016-08-24 03:47 - 2016-08-24 03:47 - 02396672 _____ (Farbar) C:\Users\Cecko\Desktop\FRST64.exe
2016-08-24 01:09 - 2016-08-24 01:10 - 448396392 _____ C:\Users\Cecko\Downloads\Všechnopárty — Petr Čtvrtníček — Tomáš Klus — Josef Alois Náhlovský 15.8.2015 HD.mp4
2016-08-24 01:09 - 2016-08-24 01:09 - 00000000 ____D C:\Users\Cecko\Documents\sestřih
2016-08-23 18:36 - 2016-08-23 18:36 - 00000000 ____D C:\Users\Cecko\AppData\Local\Geckofx
2016-08-23 18:35 - 2016-08-23 18:35 - 00000329 _____ C:\Users\Cecko\Desktop\MyScript2.ahk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002037 _____ C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Маrtinа Ваlоgоvá - Маt dámоu - YоuТubе.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002029 _____ C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-08-22 21:48 - 2016-08-23 17:49 - 00000000 ____D C:\Users\Cecko\Downloads\HaxBall Window v1.0 (1)
2016-08-22 21:47 - 2016-08-22 21:47 - 07539442 _____ C:\Users\Cecko\Downloads\HaxBall Window v1.0 (1).rar
2016-08-22 20:28 - 2016-08-22 21:08 - 714923008 _____ C:\Users\Cecko\Downloads\Curse-of-the-Blair-Witch-avi.-eng.avi
2016-08-22 07:36 - 2016-08-22 07:35 - 529870571 ____N C:\Users\Cecko\Desktop\20160822_073053.mp4
2016-08-22 04:07 - 2016-08-22 05:09 - 392797965 _____ C:\Users\Cecko\Documents\Mongol.mp4
2016-08-22 04:05 - 2016-08-22 05:19 - 00385600 _____ C:\Users\Cecko\Documents\out.CT(1).mpeg.sfk
2016-08-22 04:03 - 2016-08-22 04:04 - 121366408 _____ C:\Users\Cecko\Documents\mongol.avi
2016-08-22 04:01 - 2016-08-22 04:01 - 00000779 _____ C:\Users\Cecko\Downloads\61924494877181399-pc (1).m3u8
2016-08-22 02:21 - 2016-08-22 02:21 - 03784256 _____ C:\Users\Cecko\Downloads\adwcleaner_6.000.exe
2016-08-22 02:18 - 2016-08-22 02:18 - 00000527 _____ C:\Users\Cecko\Documents\Mongol.txt
2016-08-21 23:58 - 2016-08-22 00:13 - 127584409 _____ C:\Users\Cecko\Documents\out.CT(1).mpeg
2016-08-21 23:32 - 2016-08-21 23:33 - 121366408 _____ C:\Users\Cecko\Documents\out.CT.mpeg
2016-08-21 23:22 - 2016-08-21 23:22 - 00000779 _____ C:\Users\Cecko\Downloads\61924494877181399-pc.m3u8
2016-08-20 22:05 - 2016-08-20 22:05 - 00000000 _____ C:\icon_4025115194
2016-08-20 22:05 - 2016-08-20 22:05 - 00000000 _____ C:\icon_3393301181
2016-08-10 01:49 - 2016-08-10 01:49 - 00088687 _____ C:\Users\Cecko\Downloads\Wet-Hot-American-Summer(0000257533).srt
2016-08-09 15:59 - 2016-08-09 15:59 - 00000000 ____D C:\Users\Cecko\Documents\Poznámkové bloky aplikace OneNote
2016-08-07 23:14 - 2016-08-07 23:14 - 00066905 _____ C:\Users\Cecko\Downloads\Taxi(0000272969).srt
2016-08-05 15:10 - 2016-08-05 15:51 - 733018112 _____ C:\Users\Cecko\Downloads\1933---Pobočník-Jeho-Výsosti.avi
2016-08-04 23:21 - 2016-08-04 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evrsoft First Page 2006
2016-08-04 23:21 - 2005-09-23 17:02 - 00887296 _____ (Kurt Senfer) C:\Windows\SysWOW64\KsDHTMLEDLib.ocx
2016-08-04 23:19 - 2016-08-04 23:20 - 09870032 _____ C:\Users\Cecko\Downloads\fp2006-final-3.00-setup.zip
2016-08-01 17:50 - 2016-08-01 17:50 - 00672795 _____ C:\Users\Cecko\Downloads\OLUDospeli (1).pdf
2016-08-01 17:40 - 2016-08-01 17:40 - 00765143 _____ C:\Users\Cecko\Downloads\OLUDospeli.pdf
2016-08-01 17:10 - 2016-08-01 18:36 - 777962956 _____ C:\Users\Cecko\Downloads\Polednice-2016-cz.avi
2016-07-27 01:36 - 2016-07-27 01:44 - 00000000 ____D C:\Users\Cecko\Documents\Bandicam
2016-07-27 01:36 - 2016-07-27 01:36 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\BANDISOFT
2016-07-27 01:36 - 2016-07-27 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2016-07-27 01:36 - 2016-07-27 01:36 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-07-27 01:27 - 2016-07-27 01:28 - 15675616 _____ (Bandisoft) C:\Users\Cecko\Downloads\bdcamsetup.exe
2016-07-26 14:38 - 2016-07-26 14:40 - 00000000 ____D C:\Users\Cecko\Documents\Mixcraft Projects
2016-07-26 14:30 - 2016-07-26 14:30 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\SynthMaker
2016-07-26 14:27 - 2016-07-26 14:27 - 00000814 _____ C:\Users\Cecko\Desktop\Mixcraft Pro Studio 7 (64-bit).lnk
2016-07-26 14:27 - 2016-07-26 14:27 - 00000814 _____ C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Mixcraft Pro Studio 7 (64-bit).lnk
2016-07-26 14:27 - 2016-07-26 14:27 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 7 (64-bit)
2016-07-26 14:27 - 2016-07-26 14:27 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\Acoustica
2016-07-26 14:26 - 2016-07-26 14:26 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-07-26 14:26 - 2016-07-26 14:26 - 00000000 ____D C:\Program Files (x86)\VST
2016-07-26 14:22 - 2016-07-26 14:26 - 00000000 ____D C:\ProgramData\Acoustica
2016-07-26 14:20 - 2016-07-26 14:20 - 00000000 ____D C:\Users\Cecko\Downloads\Acoustica-Mixcraft-Pro-Studio-7.1.277-+-Slovenčina-%2Fmarshal%2F
2016-07-25 11:41 - 2016-07-25 12:01 - 360631779 _____ C:\Users\Cecko\Downloads\Acoustica-Mixcraft-Pro-Studio-7.1.277-+-Slovenčina-%2Fmarshal%2F.zip
2016-07-25 08:50 - 2016-07-25 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-07-25 08:50 - 2016-07-25 08:50 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-07-25 08:45 - 2016-07-25 08:45 - 00001577 _____ C:\Users\Cecko\Documents\lukypunky.txt
2016-07-25 08:45 - 2016-07-25 08:45 - 00000026 _____ C:\Users\Cecko\Documents\nezapomen.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-24 03:52 - 2016-01-02 14:12 - 00000000 ____D C:\ProgramData\Gramblr
2016-08-24 03:51 - 2014-04-28 20:54 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\Skype
2016-08-24 03:50 - 2015-05-21 21:40 - 00000000 ____D C:\FRST
2016-08-24 03:46 - 2015-06-02 10:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-24 03:45 - 2014-07-25 16:25 - 00000000 ____D C:\AdwCleaner
2016-08-23 22:46 - 2015-06-02 10:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-23 19:59 - 2014-05-05 00:25 - 00000000 ____D C:\Users\Cecko\Documents\Camtasia Studio
2016-08-23 19:58 - 2015-07-21 12:56 - 00011264 _____ C:\Users\Cecko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-23 18:36 - 2016-07-16 14:40 - 00003052 _____ C:\Windows\System32\Tasks\Game_Booster_Startup
2016-08-23 18:32 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-23 18:32 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-23 18:27 - 2016-05-30 15:50 - 00000000 ____D C:\Users\Cecko\AppData\Local\LogMeIn Hamachi
2016-08-23 18:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-22 07:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-22 04:05 - 2014-10-19 01:07 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\vlc
2016-08-22 02:32 - 2014-04-29 04:28 - 00671734 _____ C:\Windows\system32\perfh005.dat
2016-08-22 02:32 - 2014-04-29 04:28 - 00142298 _____ C:\Windows\system32\perfc005.dat
2016-08-22 02:32 - 2009-07-14 07:13 - 01590850 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-22 02:27 - 2016-07-15 15:57 - 00000000 ____D C:\ProgramData\ProductData
2016-08-21 23:57 - 2014-07-15 23:38 - 00000000 ____D C:\Users\Cecko\Documents\DVDVideoSoft
2016-08-21 22:05 - 2016-01-02 14:12 - 00000000 ____D C:\Program Files\Gramblr
2016-08-21 01:38 - 2016-02-02 14:50 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-18 23:50 - 2014-05-10 17:48 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\uTorrent
2016-08-12 04:39 - 2009-07-14 04:34 - 00000749 _____ C:\Windows\win.ini
2016-08-07 20:05 - 2014-04-28 20:24 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-05 21:33 - 2016-03-11 13:43 - 00006157 _____ C:\Users\Cecko\Desktop\Filmy.txt
2016-08-05 16:11 - 2014-11-06 01:04 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1398709478
2016-08-05 15:43 - 2014-05-16 17:56 - 00000000 ____D C:\Users\Cecko\Downloads\Subs
2016-08-01 00:16 - 2016-05-30 16:21 - 00000000 ____D C:\Users\Cecko\Desktop\GPC
2016-07-28 22:41 - 2015-06-02 10:30 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 22:41 - 2015-06-02 10:30 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 16:39 - 2016-07-15 17:17 - 00000000 ____D C:\Users\Cecko\Documents\FIFA 11
2016-07-25 22:46 - 2016-07-19 14:27 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-07-25 22:46 - 2016-07-19 14:27 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-07-25 08:50 - 2016-07-19 14:26 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-07-25 08:44 - 2016-07-24 22:15 - 00000384 _____ C:\Users\Cecko\Documents\Z872.txt

==================== Files in the root of some directories =======

2015-07-21 12:56 - 2016-08-23 19:58 - 0011264 _____ () C:\Users\Cecko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-10 18:48 - 2015-02-04 07:05 - 0007607 _____ () C:\Users\Cecko\AppData\Local\Resmon.ResmonCfg
2016-02-18 19:17 - 2016-02-18 19:17 - 0000003 _____ () C:\Users\Cecko\AppData\Local\updater.log
2016-02-18 19:17 - 2016-02-18 19:17 - 0000424 _____ () C:\Users\Cecko\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\Cecko\AppData\Local\Temp\bdfilters.dll
C:\Users\Cecko\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Cecko\Desktop" je 531 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"c:\program files\ccleaner\ccleaner64.exe" /monitor [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"d:\programy\daemon tools lite\dtlite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter
"C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
C:\Users\Cecko\AppData\Roaming\ICQM\icq.exe -CU [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
"C:\Programy\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(5.97 KiB) Downloaded 48 times

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Strange pages keep popping up in Chrome

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Astronaut
Visitor
Posts: 15
Registered: 24 Aug 2016 02:58

Re: Strange pages keep popping up in Chrome

#3 Post by Astronaut »

The only new item from the last few days is "Geckofx"


# AdwCleaner v6.000 - Logfile created 24/08/2016 at 12:52:42
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-23.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Cecko - CECKO-PC
# Running from : C:\Users\Cecko\Desktop\adwcleaner_6.000 (1).exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Cecko\AppData\Local\Geckofx


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Conduit


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C10].txt - [6083 Bytes] - [23/08/2016 18:22:29]
C:\AdwCleaner\AdwCleaner[C11].txt - [1029 Bytes] - [24/08/2016 12:52:42]
C:\AdwCleaner\AdwCleaner[C1].txt - [7199 Bytes] - [14/02/2016 19:41:03]
C:\AdwCleaner\AdwCleaner[C24].txt - [3850 Bytes] - [15/10/2015 20:33:25]
C:\AdwCleaner\AdwCleaner[C25].txt - [2351 Bytes] - [27/12/2015 16:52:28]
C:\AdwCleaner\AdwCleaner[C26].txt - [1210 Bytes] - [14/01/2016 17:39:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5045 Bytes] - [28/04/2016 23:00:13]
C:\AdwCleaner\AdwCleaner[C3].txt - [5170 Bytes] - [04/06/2016 07:40:15]
C:\AdwCleaner\AdwCleaner[C4].txt - [5055 Bytes] - [12/07/2016 10:17:38]
C:\AdwCleaner\AdwCleaner[C5].txt - [5194 Bytes] - [15/07/2016 16:04:20]
C:\AdwCleaner\AdwCleaner[C9].txt - [5904 Bytes] - [22/08/2016 02:23:57]
C:\AdwCleaner\AdwCleaner[R0].txt - [1244 Bytes] - [25/07/2014 16:26:00]
C:\AdwCleaner\AdwCleaner[R10].txt - [2990 Bytes] - [18/12/2014 04:35:07]
C:\AdwCleaner\AdwCleaner[R11].txt - [2208 Bytes] - [23/12/2014 20:24:30]
C:\AdwCleaner\AdwCleaner[R12].txt - [2372 Bytes] - [13/01/2015 21:47:50]
C:\AdwCleaner\AdwCleaner[R13].txt - [2495 Bytes] - [18/01/2015 21:26:59]
C:\AdwCleaner\AdwCleaner[R14].txt - [2642 Bytes] - [27/01/2015 21:45:29]
C:\AdwCleaner\AdwCleaner[R15].txt - [2764 Bytes] - [28/01/2015 21:27:40]
C:\AdwCleaner\AdwCleaner[R16].txt - [3175 Bytes] - [06/02/2015 10:33:19]
C:\AdwCleaner\AdwCleaner[R17].txt - [3228 Bytes] - [14/03/2015 19:46:25]
C:\AdwCleaner\AdwCleaner[R18].txt - [3202 Bytes] - [22/03/2015 21:53:30]
C:\AdwCleaner\AdwCleaner[R19].txt - [22906 Bytes] - [21/05/2015 20:50:57]
C:\AdwCleaner\AdwCleaner[R1].txt - [7654 Bytes] - [31/08/2014 21:51:18]
C:\AdwCleaner\AdwCleaner[R20].txt - [3457 Bytes] - [23/05/2015 04:33:15]
C:\AdwCleaner\AdwCleaner[R21].txt - [7992 Bytes] - [18/06/2015 16:19:00]
C:\AdwCleaner\AdwCleaner[R22].txt - [3817 Bytes] - [14/07/2015 15:48:43]
C:\AdwCleaner\AdwCleaner[R23].txt - [3876 Bytes] - [14/07/2015 16:04:49]
C:\AdwCleaner\AdwCleaner[R2].txt - [1558 Bytes] - [14/09/2014 21:31:39]
C:\AdwCleaner\AdwCleaner[R3].txt - [1243 Bytes] - [28/09/2014 02:03:54]
C:\AdwCleaner\AdwCleaner[R4].txt - [1624 Bytes] - [11/10/2014 22:58:32]
C:\AdwCleaner\AdwCleaner[R5].txt - [1684 Bytes] - [17/10/2014 23:05:00]
C:\AdwCleaner\AdwCleaner[R6].txt - [1620 Bytes] - [26/10/2014 05:12:59]
C:\AdwCleaner\AdwCleaner[R7].txt - [1773 Bytes] - [28/10/2014 16:09:37]
C:\AdwCleaner\AdwCleaner[R8].txt - [2274 Bytes] - [13/11/2014 00:29:59]
C:\AdwCleaner\AdwCleaner[R9].txt - [2015 Bytes] - [27/11/2014 17:43:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [1304 Bytes] - [25/07/2014 16:27:13]
C:\AdwCleaner\AdwCleaner[S10].txt - [3027 Bytes] - [18/12/2014 04:43:20]
C:\AdwCleaner\AdwCleaner[S11].txt - [2232 Bytes] - [23/12/2014 20:27:08]
C:\AdwCleaner\AdwCleaner[S12].txt - [2396 Bytes] - [13/01/2015 21:49:36]
C:\AdwCleaner\AdwCleaner[S13].txt - [2518 Bytes] - [18/01/2015 21:29:15]
C:\AdwCleaner\AdwCleaner[S14].txt - [2665 Bytes] - [27/01/2015 21:48:19]
C:\AdwCleaner\AdwCleaner[S15].txt - [2787 Bytes] - [28/01/2015 21:29:00]
C:\AdwCleaner\AdwCleaner[S16].txt - [3172 Bytes] - [06/02/2015 10:35:24]
C:\AdwCleaner\AdwCleaner[S17].txt - [3260 Bytes] - [14/03/2015 19:48:29]
C:\AdwCleaner\AdwCleaner[S18].txt - [3232 Bytes] - [22/03/2015 21:58:39]
C:\AdwCleaner\AdwCleaner[S19].txt - [15444 Bytes] - [21/05/2015 20:52:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [14627 Bytes] - [31/08/2014 21:55:12]
C:\AdwCleaner\AdwCleaner[S20].txt - [3519 Bytes] - [23/05/2015 04:34:35]
C:\AdwCleaner\AdwCleaner[S21].txt - [6044 Bytes] - [18/06/2015 16:22:15]
C:\AdwCleaner\AdwCleaner[S22].txt - [3891 Bytes] - [14/07/2015 16:13:01]
C:\AdwCleaner\AdwCleaner[S25].txt - [3552 Bytes] - [15/10/2015 20:31:55]
C:\AdwCleaner\AdwCleaner[S26].txt - [2175 Bytes] - [27/12/2015 16:50:09]
C:\AdwCleaner\AdwCleaner[S27].txt - [1094 Bytes] - [14/01/2016 17:38:09]
C:\AdwCleaner\AdwCleaner[S28].txt - [5939 Bytes] - [22/08/2016 02:23:09]
C:\AdwCleaner\AdwCleaner[S29].txt - [5570 Bytes] - [22/08/2016 02:28:34]
C:\AdwCleaner\AdwCleaner[S2].txt - [6608 Bytes] - [14/09/2014 21:35:55]
C:\AdwCleaner\AdwCleaner[S30].txt - [6089 Bytes] - [23/08/2016 17:59:10]
C:\AdwCleaner\AdwCleaner[S31].txt - [5894 Bytes] - [24/08/2016 03:45:26]
C:\AdwCleaner\AdwCleaner[S32].txt - [5970 Bytes] - [24/08/2016 12:52:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [6337 Bytes] - [28/09/2014 02:06:37]
C:\AdwCleaner\AdwCleaner[S4].txt - [6618 Bytes] - [11/10/2014 23:02:45]
C:\AdwCleaner\AdwCleaner[S5].txt - [6804 Bytes] - [17/10/2014 23:12:18]
C:\AdwCleaner\AdwCleaner[S6].txt - [1596 Bytes] - [26/10/2014 05:31:24]
C:\AdwCleaner\AdwCleaner[S7].txt - [1790 Bytes] - [28/10/2014 18:06:18]
C:\AdwCleaner\AdwCleaner[S8].txt - [2304 Bytes] - [13/11/2014 00:33:29]
C:\AdwCleaner\AdwCleaner[S9].txt - [2039 Bytes] - [27/11/2014 17:46:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C11].txt - [5816 Bytes] ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Strange pages keep popping up in Chrome

#4 Post by Rudy »

Post a new FRST log.

Astronaut
Visitor
Posts: 15
Registered: 24 Aug 2016 02:58

Re: Strange pages keep popping up in Chrome

#5 Post by Astronaut »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Cecko (administrator) on CECKO-PC (25-08-2016 03:40:18)
Running from C:\Users\Cecko\Desktop
Loaded Profiles: Cecko (Available Profiles: Cecko)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files\Gramblr\gramblr.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Razer Inc.) D:\Programy\Razer\Razer Game Booster\RzKLService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(LULU SOFTWARE LIMITED) D:\Programy\Soda PDF 3D Reader\creator-ws.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) D:\Programy\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(forum.viry.cz) C:\Users\Cecko\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [GrooveMonitor] => d:\programy\microsoft office\office12\groovemonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\Run: [Xvid] => C:\Programy\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\Run: [HotkeyP] => C:\Users\Cecko\Downloads\hotkeyp\HotkeyP.exe [147456 2012-11-20] (Petr Laštovička)
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\MountPoints2: {e4284d93-de05-11e3-9b84-b8ac6f55ccb5} - G:\Setup.now.exe
Startup: C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk [2015-01-05]
ShortcutTarget: MultiSkypeLauncher.lnk -> D:\Programy\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
Startup: C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-08-09]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> D:\Programy\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2153277708-1227587191-2765475175-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
Hosts: 127.0.0.1 nlsk.neulion.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{610AFE7D-7EF5-4778-91A3-B1E3904A5AC9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C5112575-C41F-401D-9812-E71002D93DF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Soda PDF 3D Reader Helper -> {841263D3-B7F7-42B7-9C72-0959BDBEC346} -> D:\Programy\Soda PDF 3D Reader\creator-ie-helper.dll [2015-03-06] (LULU SOFTWARE LIMITED)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
Toolbar: HKLM-x32 - Soda PDF 3D Reader Toolbar - {4DB8FC50-B206-44B3-9B28-442F326056B9} - D:\Programy\Soda PDF 3D Reader\creator-ie-plugin.dll [2015-03-06] (LULU SOFTWARE LIMITED)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-06-29] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2153277708-1227587191-2765475175-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cecko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2153277708-1227587191-2765475175-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-06-29] (Pando Networks)
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\7Vz@A0yUTx.com [2016-08-21] [not signed]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\artur.dubovoy@gmail.com [2016-08-21]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\d2@1S0XPfEf6.edu [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\h@Gol2yQF.net [2016-08-21] [not signed]
FF Extension: bestadblocker - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\NCg6F@cl.net [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\NK0c@Sie2FyD.edu [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\u1qav@3kcnp.com [2016-08-21] [not signed]
FF Extension: UniDeals - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\uAn3@r.edu [2016-08-21] [not signed]
FF Extension: Adblock Plus - C:\Users\Cecko\AppData\Roaming\Mozilla\Firefox\Profiles\tinxjr3p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_3d_reader@sodapdf.com] - D:\Programy\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension
FF Extension: Soda PDF 3D Reader Creator - D:\Programy\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension [2015-11-09] [not signed]
StartMenuInternet: FIREFOX.EXE - C:\Programy\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (The Great Suspender) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-10-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Cecko\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10081872 2016-08-21] () [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-12-19] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [864464 2015-12-19] (AnchorFree Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
S3 LULU Software CrashHandler; D:\Programy\Soda PDF 3D Reader\crash-handler-ws.exe [784152 2015-03-06] (LULU SOFTWARE LIMITED)
S3 Microsoft Office Groove Audit Service; D:\Programy\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 RzKLService; D:\Programy\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S3 Soda PDF 3D Reader; D:\Programy\Soda PDF 3D Reader\ws.exe [1860888 2015-03-06] (LULU SOFTWARE LIMITED)
R2 Soda PDF 3D Reader Creator; D:\Programy\Soda PDF 3D Reader\creator-ws.exe [623384 2015-03-06] (LULU SOFTWARE LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 03:40 - 2016-08-25 03:41 - 00014495 _____ C:\Users\Cecko\Desktop\FRST.txt
2016-08-24 15:26 - 2016-08-24 15:26 - 86074935 _____ C:\Users\Cecko\Downloads\Plná Srbská a výhra se Spartou - taková byla domácí rozlučka se sezonou!.mp4
2016-08-24 12:50 - 2016-08-24 12:50 - 03784256 _____ C:\Users\Cecko\Desktop\adwcleaner_6.000 (1).exe
2016-08-24 03:58 - 2016-08-24 03:58 - 00006110 _____ C:\Users\Cecko\Desktop\Addition.rar
2016-08-24 03:48 - 2016-08-24 03:48 - 00112640 _____ (forum.viry.cz) C:\Users\Cecko\Downloads\Nepotvrzeno 483017.crdownload
2016-08-24 03:48 - 2016-08-24 03:48 - 00112640 _____ (forum.viry.cz) C:\Users\Cecko\Desktop\FRSTLauncher.exe
2016-08-24 03:47 - 2016-08-24 03:47 - 02396672 _____ (Farbar) C:\Users\Cecko\Desktop\FRST64.exe
2016-08-24 01:09 - 2016-08-24 01:10 - 448396392 _____ C:\Users\Cecko\Downloads\Všechnopárty — Petr Čtvrtníček — Tomáš Klus — Josef Alois Náhlovský 15.8.2015 HD.mp4
2016-08-24 01:09 - 2016-08-24 01:09 - 00000000 ____D C:\Users\Cecko\Documents\sestřih
2016-08-23 18:35 - 2016-08-23 18:35 - 00000329 _____ C:\Users\Cecko\Desktop\MyScript2.ahk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002037 _____ C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Маrtinа Ваlоgоvá - Маt dámоu - YоuТubе.lnk
2016-08-23 17:50 - 2016-08-23 17:50 - 00002029 _____ C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-08-22 21:48 - 2016-08-23 17:49 - 00000000 ____D C:\Users\Cecko\Downloads\HaxBall Window v1.0 (1)
2016-08-22 21:47 - 2016-08-22 21:47 - 07539442 _____ C:\Users\Cecko\Downloads\HaxBall Window v1.0 (1).rar
2016-08-22 20:28 - 2016-08-22 21:08 - 714923008 _____ C:\Users\Cecko\Downloads\Curse-of-the-Blair-Witch-avi.-eng.avi
2016-08-22 07:36 - 2016-08-22 07:35 - 529870571 ____N C:\Users\Cecko\Desktop\20160822_073053.mp4
2016-08-22 04:07 - 2016-08-22 05:09 - 392797965 _____ C:\Users\Cecko\Documents\Mongol.mp4
2016-08-22 04:05 - 2016-08-22 05:19 - 00385600 _____ C:\Users\Cecko\Documents\out.CT(1).mpeg.sfk
2016-08-22 04:03 - 2016-08-22 04:04 - 121366408 _____ C:\Users\Cecko\Documents\mongol.avi
2016-08-22 04:01 - 2016-08-22 04:01 - 00000779 _____ C:\Users\Cecko\Downloads\61924494877181399-pc (1).m3u8
2016-08-22 02:21 - 2016-08-22 02:21 - 03784256 _____ C:\Users\Cecko\Downloads\adwcleaner_6.000.exe
2016-08-22 02:18 - 2016-08-22 02:18 - 00000527 _____ C:\Users\Cecko\Documents\Mongol.txt
2016-08-21 23:58 - 2016-08-22 00:13 - 127584409 _____ C:\Users\Cecko\Documents\out.CT(1).mpeg
2016-08-21 23:32 - 2016-08-21 23:33 - 121366408 _____ C:\Users\Cecko\Documents\out.CT.mpeg
2016-08-21 23:22 - 2016-08-21 23:22 - 00000779 _____ C:\Users\Cecko\Downloads\61924494877181399-pc.m3u8
2016-08-20 22:05 - 2016-08-20 22:05 - 00000000 _____ C:\icon_4025115194
2016-08-20 22:05 - 2016-08-20 22:05 - 00000000 _____ C:\icon_3393301181
2016-08-10 01:49 - 2016-08-10 01:49 - 00088687 _____ C:\Users\Cecko\Downloads\Wet-Hot-American-Summer(0000257533).srt
2016-08-09 15:59 - 2016-08-09 15:59 - 00000000 ____D C:\Users\Cecko\Documents\Poznámkové bloky aplikace OneNote
2016-08-07 23:14 - 2016-08-07 23:14 - 00066905 _____ C:\Users\Cecko\Downloads\Taxi(0000272969).srt
2016-08-05 15:10 - 2016-08-05 15:51 - 733018112 _____ C:\Users\Cecko\Downloads\1933---Pobočník-Jeho-Výsosti.avi
2016-08-04 23:21 - 2016-08-04 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evrsoft First Page 2006
2016-08-04 23:21 - 2005-09-23 17:02 - 00887296 _____ (Kurt Senfer) C:\Windows\SysWOW64\KsDHTMLEDLib.ocx
2016-08-04 23:19 - 2016-08-04 23:20 - 09870032 _____ C:\Users\Cecko\Downloads\fp2006-final-3.00-setup.zip
2016-08-01 17:50 - 2016-08-01 17:50 - 00672795 _____ C:\Users\Cecko\Downloads\OLUDospeli (1).pdf
2016-08-01 17:40 - 2016-08-01 17:40 - 00765143 _____ C:\Users\Cecko\Downloads\OLUDospeli.pdf
2016-08-01 17:10 - 2016-08-01 18:36 - 777962956 _____ C:\Users\Cecko\Downloads\Polednice-2016-cz.avi
2016-07-27 01:36 - 2016-07-27 01:44 - 00000000 ____D C:\Users\Cecko\Documents\Bandicam
2016-07-27 01:36 - 2016-07-27 01:36 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\BANDISOFT
2016-07-27 01:36 - 2016-07-27 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2016-07-27 01:36 - 2016-07-27 01:36 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2016-07-27 01:27 - 2016-07-27 01:28 - 15675616 _____ (Bandisoft) C:\Users\Cecko\Downloads\bdcamsetup.exe
2016-07-26 14:38 - 2016-07-26 14:40 - 00000000 ____D C:\Users\Cecko\Documents\Mixcraft Projects
2016-07-26 14:30 - 2016-07-26 14:30 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\SynthMaker
2016-07-26 14:27 - 2016-07-26 14:27 - 00000814 _____ C:\Users\Cecko\Desktop\Mixcraft Pro Studio 7 (64-bit).lnk
2016-07-26 14:27 - 2016-07-26 14:27 - 00000814 _____ C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Mixcraft Pro Studio 7 (64-bit).lnk
2016-07-26 14:27 - 2016-07-26 14:27 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 7 (64-bit)
2016-07-26 14:27 - 2016-07-26 14:27 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\Acoustica
2016-07-26 14:26 - 2016-07-26 14:26 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2016-07-26 14:26 - 2016-07-26 14:26 - 00000000 ____D C:\Program Files (x86)\VST
2016-07-26 14:22 - 2016-07-26 14:26 - 00000000 ____D C:\ProgramData\Acoustica
2016-07-26 14:20 - 2016-07-26 14:20 - 00000000 ____D C:\Users\Cecko\Downloads\Acoustica-Mixcraft-Pro-Studio-7.1.277-+-Slovenčina-%2Fmarshal%2F

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 03:41 - 2016-01-02 14:12 - 00000000 ____D C:\ProgramData\Gramblr
2016-08-25 03:39 - 2015-05-21 21:40 - 00000000 ____D C:\FRST
2016-08-25 03:38 - 2016-05-30 15:50 - 00000000 ____D C:\Users\Cecko\AppData\Local\LogMeIn Hamachi
2016-08-25 03:36 - 2015-06-02 10:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-25 03:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-24 21:46 - 2015-06-02 10:30 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-24 21:10 - 2014-04-28 20:54 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\Skype
2016-08-24 16:02 - 2014-05-05 00:25 - 00000000 ____D C:\Users\Cecko\Documents\Camtasia Studio
2016-08-24 13:02 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-24 13:02 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-24 12:52 - 2014-07-25 16:25 - 00000000 ____D C:\AdwCleaner
2016-08-23 19:58 - 2015-07-21 12:56 - 00011264 _____ C:\Users\Cecko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-23 18:36 - 2016-07-16 14:40 - 00003052 _____ C:\Windows\System32\Tasks\Game_Booster_Startup
2016-08-22 07:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-22 04:05 - 2014-10-19 01:07 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\vlc
2016-08-22 02:32 - 2014-04-29 04:28 - 00671734 _____ C:\Windows\system32\perfh005.dat
2016-08-22 02:32 - 2014-04-29 04:28 - 00142298 _____ C:\Windows\system32\perfc005.dat
2016-08-22 02:32 - 2009-07-14 07:13 - 01590850 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-22 02:27 - 2016-07-15 15:57 - 00000000 ____D C:\ProgramData\ProductData
2016-08-21 23:57 - 2014-07-15 23:38 - 00000000 ____D C:\Users\Cecko\Documents\DVDVideoSoft
2016-08-21 22:05 - 2016-01-02 14:12 - 00000000 ____D C:\Program Files\Gramblr
2016-08-21 01:38 - 2016-02-02 14:50 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-18 23:50 - 2014-05-10 17:48 - 00000000 ____D C:\Users\Cecko\AppData\Roaming\uTorrent
2016-08-12 04:39 - 2009-07-14 04:34 - 00000749 _____ C:\Windows\win.ini
2016-08-07 20:05 - 2014-04-28 20:24 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-05 21:33 - 2016-03-11 13:43 - 00006157 _____ C:\Users\Cecko\Desktop\Filmy.txt
2016-08-05 16:11 - 2014-11-06 01:04 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1398709478
2016-08-05 15:43 - 2014-05-16 17:56 - 00000000 ____D C:\Users\Cecko\Downloads\Subs
2016-08-01 00:16 - 2016-05-30 16:21 - 00000000 ____D C:\Users\Cecko\Desktop\GPC
2016-07-28 22:41 - 2015-06-02 10:30 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 22:41 - 2015-06-02 10:30 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 16:39 - 2016-07-15 17:17 - 00000000 ____D C:\Users\Cecko\Documents\FIFA 11

==================== Files in the root of some directories =======

2015-07-21 12:56 - 2016-08-23 19:58 - 0011264 _____ () C:\Users\Cecko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-10 18:48 - 2015-02-04 07:05 - 0007607 _____ () C:\Users\Cecko\AppData\Local\Resmon.ResmonCfg
2016-02-18 19:17 - 2016-02-18 19:17 - 0000003 _____ () C:\Users\Cecko\AppData\Local\updater.log
2016-02-18 19:17 - 2016-02-18 19:17 - 0000424 _____ () C:\Users\Cecko\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\Cecko\AppData\Local\Temp\bdfilters.dll
C:\Users\Cecko\AppData\Local\Temp\libeay32.dll
C:\Users\Cecko\AppData\Local\Temp\msvcr120.dll
C:\Users\Cecko\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cecko\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Cecko\Desktop" je 535 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"c:\program files\ccleaner\ccleaner64.exe" /monitor [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"d:\programy\daemon tools lite\dtlite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter
"C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
C:\Users\Cecko\AppData\Roaming\ICQM\icq.exe -CU [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
"C:\Programy\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Strange pages popping up in Chrome

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\MountPoints2: {e4284d93-de05-11e3-9b84-b8ac6f55ccb5} - G:\Setup.now.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Cecko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Cecko\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Astronaut
Visitor
Posts: 15
Registered: 24 Aug 2016 02:58

Re: Strange pages popping up in Chrome

#7 Post by Astronaut »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Cecko (25-08-2016 17:03:50) Run:2
Running from C:\Users\Cecko\Desktop
Loaded Profiles: Cecko (Available Profiles: Cecko)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\...\MountPoints2: {e4284d93-de05-11e3-9b84-b8ac6f55ccb5} - G:\Setup.now.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Cecko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Cecko\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-2153277708-1227587191-2765475175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4284d93-de05-11e3-9b84-b8ac6f55ccb5}" => key removed successfully
HKCR\CLSID\{e4284d93-de05-11e3-9b84-b8ac6f55ccb5} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Cecko\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Users\Cecko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully

"C:\Users\Cecko\AppData\Local\Temp" folder move:

Could not move "C:\Users\Cecko\AppData\Local\Temp" => Scheduled to move on reboot.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Strange pages popping up in Chrome

#8 Post by Rudy »

Deleted. Has anything changed?

Astronaut
Visitor
Posts: 15
Registered: 24 Aug 2016 02:58

Re: Strange pages popping up in Chrome

#9 Post by Astronaut »

I'll give it some time and let you know if need be. So far it looks great.
Thank you very much. :idea:

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Strange pages popping up in Chrome

#10 Post by Rudy »

OK, you're welcome, for now! :)