Notebook freezing

Poiu
Visitor
Posts: 6
Registered: 23 Sep 2016 19:43

Notebook freezing

#1 Post by Poiu »

Hello, while I was browsing a page that had an advertisement with Flash Player, Windows Defender reported a virus/malware and put it into quarantine. At the next startup of the notebook, a Defender message popped up saying that malware cleanup was in progress.
Since then the notebook always freezes for about 15 minutes (the mouse works, but programs do not respond), then it runs again for about 1 minute, and then it repeats. Meanwhile a scan is running (tray icon with a flag and a clock), but even when the scan finishes after a long time, it still freezes, and after a while the scan starts again.
I have no antivirus (only Windows Defender) and I have Windows 8.1.
Thank you very much for your advice.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook freezing

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Poiu
Visitor
Posts: 6
Registered: 23 Sep 2016 19:43

Re: Notebook freezing

#3 Post by Poiu »

Good evening, thank you, I am sending it (I hope it is right - the created FRST file could not be opened - access denied, so I am copying the data from FRST3):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Martin (administrator) on SAMSUNG (23-09-2016 21:32:25)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Renier Crause) C:\Program Files (x86)\PopTray\PopTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems) C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-7c937493.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [96128 2012-02-02] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DynamicUSB] => C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe [94208 2007-03-02] (Citrix Systems)
HKLM-x32\...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [192512 2010-11-12] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [397824 2010-11-12] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5629720 2013-01-23] (Piriform Ltd)
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Fliqlo.scr [679936 2016-03-30] (ScreenTime Media)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk [2016-04-09]
ShortcutTarget: PopTray.lnk -> C:\Program Files (x86)\PopTray\PopTray.exe (Renier Crause)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0428706A-D724-4002-8CFA-0F92FA3EE332}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> DefaultScope {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll ()
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2016-09-23]
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-30]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-30]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (CloudCockpit Secure Logon) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dophmjgbpmiehjobemfhckfgdpnkphpe [2016-04-23]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Click&Clean) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-08-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-03-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-03-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-03-24] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-03-25] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2016-03-26] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2016-03-26] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-03-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 21:32 - 2016-09-23 21:41 - 00018977 _____ C:\Users\Martin\Desktop\FRST.txt
2016-09-23 21:32 - 2016-09-23 21:32 - 00000000 ____D C:\FRST
2016-09-23 21:30 - 2016-09-23 21:30 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\FRSTLauncher.exe
2016-09-23 21:26 - 2016-09-23 21:26 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\Nepotvrzeno 277322.crdownload
2016-09-23 21:25 - 2016-09-23 21:25 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\Nepotvrzeno 164181.crdownload
2016-09-23 21:24 - 2016-09-23 21:24 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\Nepotvrzeno 690028.crdownload
2016-09-23 21:19 - 2016-09-23 21:19 - 02402816 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-09-20 21:12 - 2016-08-06 00:09 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-09-20 21:12 - 2016-08-06 00:02 - 00030400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-09-20 20:57 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-20 20:57 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-09-20 20:57 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-09-20 20:57 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-20 20:57 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-09-20 20:57 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-09-20 20:57 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-20 20:57 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-09-20 20:57 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-20 20:57 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-20 20:57 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-09-20 20:57 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-09-20 20:57 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-09-20 20:57 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-09-20 20:57 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-20 20:57 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2016-09-20 20:57 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-09-20 20:57 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-09-20 20:57 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-09-20 20:57 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-09-20 20:57 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-20 20:57 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-09-20 20:57 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-20 20:57 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-09-20 20:57 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-09-20 20:57 - 2016-08-11 20:33 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-09-20 20:57 - 2016-08-11 20:33 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-09-20 20:57 - 2016-08-11 20:33 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-09-20 20:57 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-09-20 20:57 - 2016-08-11 15:39 - 00445765 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-09-20 20:57 - 2016-08-11 07:46 - 00420184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-09-20 20:57 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-20 20:57 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-09-20 20:57 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-20 20:57 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-09-20 20:57 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-09-20 20:57 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-09-20 20:57 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS
2016-09-20 20:57 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-20 20:57 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-09-20 20:57 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-09-17 07:22 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-17 07:22 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-17 07:22 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-17 07:21 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-17 07:21 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-17 07:21 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-09-17 07:21 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-09-17 07:21 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-17 07:21 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-17 07:21 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-17 07:21 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-17 07:21 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-17 07:21 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-17 07:21 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-17 07:21 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-17 07:21 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-17 07:21 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-17 07:21 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-17 07:21 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-17 07:21 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-17 07:21 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-17 07:21 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-17 07:21 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-17 07:21 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-17 07:21 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-17 07:21 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-17 07:21 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-17 07:21 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-09-17 07:21 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-17 07:21 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-17 07:21 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-17 07:21 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-17 07:21 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-17 07:20 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-17 07:20 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-17 07:20 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-17 07:20 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-17 07:20 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-17 07:20 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-17 07:20 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-17 07:20 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-09-17 07:20 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-17 07:20 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-09-17 07:20 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-17 07:20 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-17 07:20 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-17 07:20 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-17 07:20 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-17 07:20 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-17 07:20 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-17 07:20 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-17 07:20 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-17 07:20 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-17 07:20 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-17 07:19 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-17 07:19 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-17 07:19 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-14 18:43 - 2016-09-14 18:43 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxpfqzhq.sys
2016-09-06 05:40 - 2016-09-12 18:56 - 13542041 _____ C:\Users\Martin\Desktop\Tesco.pdf
2016-09-05 11:10 - 2016-09-05 11:10 - 00696900 _____ C:\Users\Martin\Desktop\Směny.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-23 21:45 - 2016-03-30 16:13 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-23 21:22 - 2016-03-30 16:13 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-23 21:20 - 2013-03-29 10:34 - 00000000 ____D C:\ProgramData\WinClon
2016-09-23 21:18 - 2016-03-30 16:02 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{539EE8A2-D867-4ED6-BBCA-093E520496C2}
2016-09-23 21:14 - 2016-04-09 12:15 - 00000000 ____D C:\Users\Martin\AppData\Local\Sidebar7
2016-09-22 19:01 - 2016-04-23 12:47 - 00000000 ____D C:\CitrixUSBStore
2016-09-22 18:18 - 2014-11-21 06:53 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-22 18:18 - 2014-11-21 06:10 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2016-09-22 18:18 - 2014-11-21 06:10 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2016-09-22 18:18 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-21 06:09 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-20 23:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-09-20 21:46 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-09-20 21:20 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-19 19:35 - 2013-08-22 16:44 - 00620432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-19 19:33 - 2016-03-26 12:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-19 19:33 - 2016-03-26 12:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-18 07:15 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-09-18 05:15 - 2016-03-25 08:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-18 04:02 - 2016-03-25 08:43 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-17 09:32 - 2016-03-24 20:04 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3924631814-2070736627-2583747663-1001
2016-09-17 09:19 - 2016-03-26 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-16 22:15 - 2016-03-26 20:16 - 00000000 ____D C:\Users\Martin
2016-09-16 21:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-16 21:56 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-16 21:55 - 2016-04-23 12:46 - 00000000 ____D C:\Users\Martin\AppData\Roaming\ICAClient
2016-09-16 21:50 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-16 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
2016-09-15 05:43 - 2016-03-30 16:44 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 05:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-07 03:11 - 2016-07-14 06:07 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 03:11 - 2016-07-14 06:07 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-03-30 15:18 - 2016-03-30 15:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-29 10:22 - 2013-02-19 09:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-03-29 10:22 - 2013-01-12 16:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Martin\Desktop" je 16 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Laptop freezing

#4 Post by Rudy »

That is the right one. Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Poiu
Visitor
Posts: 6
Registered: 23 Sep 2016 19:43

Re: Laptop freezing

#5 Post by Poiu »

Hello, I am sending the log:

# AdwCleaner v6.020 - Log soubor vytvořen 26/09/2016 na 17:34:07
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-26.1 [Server]
# Operační systém : Windows 8.1 (X64)
# Uživatelské jméno : Martin - SAMSUNG
# Beží od : C:\Users\Martin\Desktop\adwcleaner_6.020.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum



***** [ Služby ] *****



***** [ Adresáře ] *****

[-] Adresář smazán:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Adresář smazán:C:\Program Files (x86)\myfree codec


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Klíč smazán:HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Software\Myfree Codec
[-] Klíč smazán:HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Klíč smazán po restartování:HKCU\Software\Myfree Codec
[-] Klíč smazán:HKLM\SOFTWARE\Myfree Codec
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Klíč smazán po restartování:[x64] HKCU\Software\Myfree Codec
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1635 Bajtů] - [26/09/2016 17:34:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [2033 Bajtů] - [26/09/2016 17:26:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1783 Bajtů] ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Laptop freezing

#6 Post by Rudy »

Post a new FRST log.

Poiu
Visitor
Posts: 6
Registered: 23 Sep 2016 19:43

Re: Laptop freezing

#7 Post by Poiu »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by Martin (administrator) on SAMSUNG (26-09-2016 18:41:46)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Renier Crause) C:\Program Files (x86)\PopTray\PopTray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems) C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(forum.viry.cz) C:\Users\Martin\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [96128 2012-02-02] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DynamicUSB] => C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe [94208 2007-03-02] (Citrix Systems)
HKLM-x32\...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [192512 2010-11-12] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [397824 2010-11-12] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [5629720 2013-01-23] (Piriform Ltd)
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Fliqlo.scr [679936 2016-03-30] (ScreenTime Media)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk [2016-04-09]
ShortcutTarget: PopTray.lnk -> C:\Program Files (x86)\PopTray\PopTray.exe (Renier Crause)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0428706A-D724-4002-8CFA-0F92FA3EE332}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> DefaultScope {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll ()
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2016-09-26]
CHR Extension: (Prezentace Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-30]
CHR Extension: (Dokumenty Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-30]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (CloudCockpit Secure Logon) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dophmjgbpmiehjobemfhckfgdpnkphpe [2016-04-23]
CHR Extension: (Tabulky Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (Click&Clean) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-09-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-03-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-03-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-03-24] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-03-25] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2016-03-26] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2016-03-26] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-03-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 18:41 - 2016-09-26 18:42 - 00018258 _____ C:\Users\Martin\Desktop\FRST.txt
2016-09-26 18:41 - 2016-09-26 18:41 - 00029696 _____ C:\Users\Martin\AppData\Local\MSGBOX.EXE
2016-09-26 18:41 - 2016-09-26 18:41 - 00015327 _____ C:\Users\Martin\Desktop\LM.bat
2016-09-26 18:25 - 2016-09-26 18:41 - 00000000 ____D C:\Users\Martin\Desktop\FRST-OlderVersion
2016-09-26 17:07 - 2016-09-26 17:34 - 00000000 ____D C:\AdwCleaner
2016-09-26 16:47 - 2016-09-26 16:50 - 03861056 _____ C:\Users\Martin\Desktop\adwcleaner_6.020.exe
2016-09-23 22:03 - 2016-09-23 22:03 - 00038294 _____ C:\Users\Martin\Desktop\FRST3.txt
2016-09-23 21:32 - 2016-09-26 18:41 - 00000000 ____D C:\FRST
2016-09-23 21:26 - 2016-09-23 21:26 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\Nepotvrzeno 277322.crdownload
2016-09-23 21:25 - 2016-09-23 21:25 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\Nepotvrzeno 164181.crdownload
2016-09-23 21:24 - 2016-09-23 21:24 - 00112640 _____ (forum.viry.cz) C:\Users\Martin\Desktop\Nepotvrzeno 690028.crdownload
2016-09-23 21:19 - 2016-09-26 18:25 - 02403328 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2016-09-20 21:12 - 2016-08-06 00:09 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-09-20 21:12 - 2016-08-06 00:02 - 00030400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-09-20 20:57 - 2016-08-27 21:44 - 22360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-20 20:57 - 2016-08-27 21:44 - 02755504 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-09-20 20:57 - 2016-08-27 21:44 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-09-20 20:57 - 2016-08-27 20:26 - 19789232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-20 20:57 - 2016-08-27 20:26 - 02411048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-09-20 20:57 - 2016-08-27 20:26 - 00113656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-09-20 20:57 - 2016-08-27 18:33 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-20 20:57 - 2016-08-27 18:11 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-09-20 20:57 - 2016-08-27 18:09 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-20 20:57 - 2016-08-27 17:55 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-20 20:57 - 2016-08-25 22:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-09-20 20:57 - 2016-08-25 21:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-09-20 20:57 - 2016-08-21 00:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-09-20 20:57 - 2016-08-21 00:12 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-09-20 20:57 - 2016-08-13 02:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-20 20:57 - 2016-08-13 02:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2016-09-20 20:57 - 2016-08-13 02:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-09-20 20:57 - 2016-08-13 02:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-09-20 20:57 - 2016-08-13 00:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-09-20 20:57 - 2016-08-13 00:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-09-20 20:57 - 2016-08-12 23:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-20 20:57 - 2016-08-12 23:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-09-20 20:57 - 2016-08-12 22:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-20 20:57 - 2016-08-12 03:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-09-20 20:57 - 2016-08-12 03:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-09-20 20:57 - 2016-08-11 20:33 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-09-20 20:57 - 2016-08-11 20:33 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-09-20 20:57 - 2016-08-11 20:33 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-09-20 20:57 - 2016-08-11 19:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-09-20 20:57 - 2016-08-11 15:39 - 00445765 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-09-20 20:57 - 2016-08-11 07:46 - 00420184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-09-20 20:57 - 2016-08-03 17:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-20 20:57 - 2016-08-03 17:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-09-20 20:57 - 2016-08-03 17:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-20 20:57 - 2016-08-03 17:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-09-20 20:57 - 2016-07-30 19:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-09-20 20:57 - 2016-07-30 18:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-09-20 20:57 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS
2016-09-20 20:57 - 2016-07-26 15:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-20 20:57 - 2016-07-23 20:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-09-20 20:57 - 2016-07-23 20:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-09-17 07:22 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-17 07:22 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-17 07:22 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-17 07:21 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-17 07:21 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-17 07:21 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-09-17 07:21 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-09-17 07:21 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-17 07:21 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-17 07:21 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-17 07:21 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-17 07:21 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-17 07:21 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-17 07:21 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-17 07:21 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-17 07:21 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-17 07:21 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-17 07:21 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-17 07:21 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-17 07:21 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-17 07:21 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-17 07:21 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-17 07:21 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-17 07:21 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-17 07:21 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-17 07:21 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-17 07:21 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-17 07:21 - 2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-09-17 07:21 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-17 07:21 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-17 07:21 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-17 07:21 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-17 07:21 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-17 07:20 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-17 07:20 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-17 07:20 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-17 07:20 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-17 07:20 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-17 07:20 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-17 07:20 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-17 07:20 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-09-17 07:20 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-17 07:20 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-09-17 07:20 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-17 07:20 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-17 07:20 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-17 07:20 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-17 07:20 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-17 07:20 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-17 07:20 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-17 07:20 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-17 07:20 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-17 07:20 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-17 07:20 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-17 07:19 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-17 07:19 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-17 07:19 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-14 18:43 - 2016-09-14 18:43 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxpfqzhq.sys
2016-09-06 05:40 - 2016-09-12 18:56 - 13542041 _____ C:\Users\Martin\Desktop\Tesco.pdf
2016-09-05 11:10 - 2016-09-05 11:10 - 00696900 _____ C:\Users\Martin\Desktop\Směny.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 18:48 - 2016-04-09 12:15 - 00000000 ____D C:\Users\Martin\AppData\Local\Sidebar7
2016-09-26 18:45 - 2016-03-30 16:13 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-26 17:59 - 2013-03-29 10:34 - 00000000 ____D C:\ProgramData\WinClon
2016-09-26 17:48 - 2016-03-30 16:13 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-26 17:47 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-26 16:38 - 2016-03-30 16:02 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{539EE8A2-D867-4ED6-BBCA-093E520496C2}
2016-09-23 21:58 - 2016-03-30 17:34 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-22 19:01 - 2016-04-23 12:47 - 00000000 ____D C:\CitrixUSBStore
2016-09-22 18:18 - 2014-11-21 06:53 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-22 18:18 - 2014-11-21 06:10 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2016-09-22 18:18 - 2014-11-21 06:10 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2016-09-22 18:18 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-09-20 23:59 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-09-20 21:46 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-09-20 21:20 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-19 19:35 - 2013-08-22 16:44 - 00620432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-19 19:33 - 2016-03-26 12:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-19 19:33 - 2016-03-26 12:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-18 07:15 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-09-18 05:15 - 2016-03-25 08:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-18 04:02 - 2016-03-25 08:43 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-17 09:32 - 2016-03-24 20:04 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3924631814-2070736627-2583747663-1001
2016-09-17 09:19 - 2016-03-26 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-16 22:15 - 2016-03-26 20:16 - 00000000 ____D C:\Users\Martin
2016-09-16 21:56 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-16 21:56 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-16 21:55 - 2016-04-23 12:46 - 00000000 ____D C:\Users\Martin\AppData\Roaming\ICAClient
2016-09-16 21:50 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-16 19:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
2016-09-15 05:43 - 2016-03-30 16:44 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-14 05:30 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-07 03:11 - 2016-07-14 06:07 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 03:11 - 2016-07-14 06:07 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-09-26 18:41 - 2016-09-26 18:41 - 0029696 _____ () C:\Users\Martin\AppData\Local\MSGBOX.EXE
2016-03-30 15:18 - 2016-03-30 15:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-03-29 10:22 - 2013-02-19 09:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-03-29 10:22 - 2013-01-12 16:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\libeay32.dll
C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-19 20:00

==================== End of FRST.txt ============================

Rudy
Site Admin

Re: Laptop freezing

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> DefaultScope {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
C:\WINDOWS\system32\ApnDatabase.xml
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\Martin\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Poiu
Visitor

Re: Laptop freezing

#9 Post by Poiu »

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by Martin (26-09-2016 21:57:59) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
SearchScopes: HKU\S-1-5-21-3924631814-2070736627-2583747663-1001 -> DefaultScope {F66CFC56-A593-419D-BB84-F15C84A86258} URL =
C:\WINDOWS\system32\ApnDatabase.xml
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\Martin\AppData\Local\Temp
End
*****************

"HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F66CFC56-A593-419D-BB84-F15C84A86258}" => key removed successfully
HKCR\CLSID\{F66CFC56-A593-419D-BB84-F15C84A86258} => key not found.
HKU\S-1-5-21-3924631814-2070736627-2583747663-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\WINDOWS\system32\ApnDatabase.xml => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Martin\AppData\Local\Temp" folder move:

Could not move "C:\Users\Martin\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-09-2016 22:04:53)

C:\Users\Martin\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:04:54 ====

Rudy
Site Admin

Re: Laptop freezing

#10 Post by Rudy »

Deleted. Has anything changed?

Poiu
Visitor

Re: Laptop freezing

#11 Post by Poiu »

Hello, so far it is working fine and no longer freezes. :) So it was caused by an infection?
Thank you very much for the quick help. :)

Rudy
Site Admin

Re: Laptop freezing

#12 Post by Rudy »

There were a few pieces of adware and some unnecessary junk. You're welcome! :)

Locked