Zpomalený pc- dlouhá odezva

[Hook_1hp]

Dobrý den, prosím Vás o kontrolu logů. PC je velmi pomalý (nebyl čištěný přes rok). Předem díky za pomoc.

Log FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
Ran by Toshiba (administrator) on TOSH (14-02-2017 07:34:36)
Running from C:\Users\Toshiba\Desktop
Loaded Profiles: Toshiba (Available Profiles: Toshiba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26414208 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\Run: [Google Update] => C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: {6ad94e18-4290-11e6-a4d4-00266c7c5f10} - F:\autorun.exe
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-31] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-21]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-21]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=27368
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> DefaultScope {F5D6F02F-F53E-4A79-8855-3E209C76F8A2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 079B45E8534F983BE4F584287D046DFD URL = hxxp://www.zbozi.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 41A39C2DE31D958A4B89BABFF9DAA1B6 URL =
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 7F01D70BFEFB934BA161B9AD8979F1FD URL = hxxp://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> A2B396AC96C168442F43A5113A588BAF URL = hxxp://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> F5C907575233E8D73E504F986286A271 URL = hxxp://www.mapy.cz/?sourceid=quicksearch_6826& ... earchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {2F37C187-BEF3-4EAB-80AB-EA5297A43D98} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {4DF69133-72A6-4808-BC21-5AB08FBDCE48} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keyw ... nkCode=ur2
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {5D31D73E-3D80-45BC-A41E-E465884FB20E} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {8F578E91-1464-458C-9FBB-26B222EED7F6} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {B029E542-AE52-42A1-A8A3-C0E671CFA0C2} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {B172F16F-2868-426C-BC25-184CB9AD7B62} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {B384E0C5-F75F-4A6E-82B5-C5A61D33602F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {E0D10DFF-E459-47D1-B0AD-E34FDFEDE9C7} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {E1BD3646-F74B-403F-8645-4F14AFA24831} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {F5D6F02F-F53E-4A79-8855-3E209C76F8A2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-31] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-31] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\9nhpqzea.default [2016-08-20]
FF Homepage: Mozilla\Firefox\Profiles\9nhpqzea.default -> hxxp://www.seznam.cz/?clid=6826
FF Extension: (Avira Browser Safety) - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\9nhpqzea.default\Extensions\abs@avira.com [2014-12-29] [not signed]
FF Extension: (Seznam lištička) - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\9nhpqzea.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-08-15]
FF Extension: (No Name) - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha5336\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1413\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha577\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3874\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home266\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6712\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7823\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha1603\ff [not found]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-808137394-3989240724-1605283320-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-808137394-3989240724-1605283320-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-808137394-3989240724-1605283320-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-05] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.yandex.ru/?__PARAM__from=chromehp
CHR DefaultSearchURL: Default -> hxxp://yandex.ru/yandsearch?__PARAM__from=chromesearch&text={searchTerms}
CHR DefaultSearchKeyword: Default -> yandex.ru
CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Dokumenty Google) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Volání přes Skype) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-25]
CHR Extension: (Avast Online Security) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-31]
StartMenuInternet: Google Chrome.TXZ3EZMFRXESRW2SL4IWG7NJV4 - C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-31] (AVAST Software)
S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-31] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-05-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 07:34 - 2017-02-14 07:35 - 00016129 _____ C:\Users\Toshiba\Desktop\FRST.txt
2017-02-14 07:34 - 2017-02-14 07:34 - 00000000 ____D C:\FRST
2017-02-14 07:33 - 2017-02-14 07:33 - 00025660 _____ C:\Users\Toshiba\Desktop\info.txt
2017-02-14 07:22 - 2017-02-14 07:22 - 02422272 _____ (Farbar) C:\Users\Toshiba\Desktop\FRST64.exe
2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\rsit
2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\Program Files\trend micro
2017-02-14 07:20 - 2017-02-14 07:20 - 01323520 _____ C:\Users\Toshiba\Desktop\RSITx64.exe
2017-02-14 07:18 - 2017-02-14 07:18 - 00008895 _____ C:\Users\Toshiba\Desktop\dds.txt
2017-02-14 07:18 - 2017-02-14 07:18 - 00003728 _____ C:\Users\Toshiba\Desktop\attach.txt
2017-02-14 07:13 - 2017-02-14 07:14 - 00688992 ____R (Swearware) C:\Users\Toshiba\Desktop\dds.exe
2017-02-14 07:10 - 2017-02-14 07:10 - 00003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409078827
2017-01-29 11:32 - 2017-01-29 11:32 - 00388452 _____ C:\Users\Toshiba\Downloads\vypoved-z-najmu-vzor.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-14 07:31 - 2013-09-18 08:44 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-14 07:14 - 2009-07-14 05:45 - 00016080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-14 07:14 - 2009-07-14 05:45 - 00016080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-14 07:11 - 2014-08-26 19:47 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-14 07:06 - 2014-12-31 11:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-02-14 07:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-12 10:46 - 2009-07-14 16:18 - 00623104 _____ C:\Windows\system32\perfh005.dat
2017-02-12 10:46 - 2009-07-14 16:18 - 00118996 _____ C:\Windows\system32\perfc005.dat
2017-02-12 10:46 - 2009-07-14 06:13 - 01447310 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-12 10:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-11 20:49 - 2016-02-25 22:22 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-07 17:02 - 2014-12-20 20:03 - 00002386 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-28 21:58 - 2012-04-12 16:37 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\SoftGrid Client
2017-01-28 13:47 - 2015-07-25 14:50 - 00000000 ___SD C:\Users\Toshiba\AppData\LocalLow\Temp

==================== Files in the root of some directories =======

2014-08-27 19:23 - 2014-08-27 19:23 - 0000029 _____ () C:\Users\Toshiba\AppData\Roaming\msjfecf.dat
2014-08-19 16:54 - 2014-08-19 16:54 - 0009488 _____ () C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat
2014-08-27 19:23 - 2014-08-27 19:23 - 0008342 _____ () C:\Users\Toshiba\AppData\Roaming\mslcoh.dat
2014-08-19 16:54 - 2014-08-26 20:54 - 0000028 _____ () C:\Users\Toshiba\AppData\Roaming\msrccbr.dat
2014-06-18 00:29 - 2014-06-18 00:29 - 0007602 _____ () C:\Users\Toshiba\AppData\Local\Resmon.ResmonCfg
2013-07-12 13:49 - 2013-07-12 13:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-09-06 12:49 - 2013-09-06 12:49 - 0064604 ____T (Microsoft Corporation) C:\ProgramData\wlwlbngla.pzz

Some files in TEMP:
====================
2017-01-26 18:05 - 2017-01-26 18:05 - 0000000 _____ () C:\Users\Toshiba\AppData\Local\Temp\GUR3DE9.exe
2016-08-20 16:04 - 2016-08-11 12:33 - 5168856 _____ (Mail.Ru) C:\Users\Toshiba\AppData\Local\Temp\MailRuUpdater.exe
2016-08-20 16:17 - 2016-08-20 16:17 - 1972224 _____ (BitTorrent Inc.) C:\Users\Toshiba\AppData\Local\Temp\utt1393.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-12 10:49

==================== End of FRST.txt ============================

[Hook_1hp]

Log RSIT:

Logfile of random's system information tool 1.14 (written by random/random)
Run by Toshiba at 2017-02-14 07:20:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 53 GB (35%) free of 152 GB
Total RAM: 3964 MB (65% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:09, on 14.2.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera_crashreporter.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Program Files\trend micro\Toshiba_RSITx64.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=27368
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8100 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\41.0.2353.56\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=1172
"C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe" --type=gpu-process --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=off --crash-reporter-pid=2992 --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,12,14,15,16,19,33,50,59 --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2086 --gpu-driver-date=2-20-2010 --gpu-secondary-vendor-ids=0x8086 --gpu-secondary-device-ids=0x2a43 --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=off --crash-reporter-pid=2992 --mojo-application-channel-token=773850190AA4D4384A1513D30BB27129 --mojo-platform-channel-handle=1156 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --primordial-pipe-token=028378C8D7BADD75E51B94139E13C674 --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=off --crash-reporter-pid=2992 --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --mojo-application-channel-token=028378C8D7BADD75E51B94139E13C674 --channel="1172.6.574647480\1807487021" --mojo-platform-channel-handle=2236 /prefetch:1
"C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --primordial-pipe-token=84F5568117D715C2A506957B8E67EB6D --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=off --crash-reporter-pid=2992 --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --mojo-application-channel-token=84F5568117D715C2A506957B8E67EB6D --channel="1172.8.107251064\2109114523" --mojo-platform-channel-handle=1952 /prefetch:1
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Toshiba\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --primordial-pipe-token=8EDBFF23661AAB7CC6A3EB72BDC7A07F --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --with-feature:installer-support-x64-download=off --crash-reporter-pid=2992 --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --mojo-application-channel-token=8EDBFF23661AAB7CC6A3EB72BDC7A07F --channel="1172.33.216636866\1167003873" --mojo-platform-channel-handle=5344 /prefetch:1

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\ConfigFree Startup Programs - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\tasks\Google Update - C:\Users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-808137394-3989240724-1605283320-1000Core - C:\Users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-808137394-3989240724-1605283320-1000UA - C:\Users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1409078827 - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\SidebarExecute - C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\system32\tasks\{003936D3-A951-4F2F-AC92-62AE120435EF} - C:\Program Files (x86)\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe
C:\Windows\system32\tasks\{52224676-DCAA-40FE-86D5-9A1E43CD3EFF} - C:\Users\Toshiba\Desktop\dyna\DYNA.EXE
C:\Windows\system32\tasks\{A8C7C7F6-4665-4DBD-AD7D-504FF82B2D2D} - C:\Program Files (x86)\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe
C:\Windows\system32\tasks\{AD7C0A23-F198-468B-8F2D-61981F0BC0DE} - C:\Users\Toshiba\Desktop\dyna\DYNA.EXE
C:\Windows\system32\tasks\{DD40C1AA-D4E1-433A-A45E-79F2BBD80105} - "c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.14.0.104/cs/ ... rogressBar
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-808137394-3989240724-1605283320-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========

C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension aminlpmkfcdibgpgfajlgnamicjckkjf 2 Поиск Яндекса 1.0.3
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blakpkgjpemejpbmfiglncklihnhjkij 1 Volání přes Skype 0.0.0.26
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo
Extension coobgpohoikkiipiblmjeljniedjpjpf
Extension dljndemlaopjkhneemlebbldodokcoee
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension fheoggkfdfchfphceeifdbepaooicaho 2 SiteAdvisor 3.65.135.1
Extension flliilndjeohchalpbbcdekjklbdgfkk 2 Avira Browser Safety 1.4.3
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension higmeeehobepgmnoknimjpgalchibalf
Extension jdkihdhlegcdggknokfekoemkjjnjhgi 2 Стартовая — Яндекс 1.0.3
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lceaofbmdppmfekebdichndbhofaflja
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 2 Skype Click to Call 7.3.16540.9015
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh Google Now 1.2.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: http://www.seznam.cz/?clid=6826
default_search_provider.search_url:
C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-31 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-31 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02 529784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-06-29 26414208]
"Google Update"=C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [2016-12-17 601752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5227648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-14 07:20:50 ----D---- C:\Program Files\trend micro
2017-02-14 07:20:48 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2017-02-14 07:20:56 ----D---- C:\Windows\Temp
2017-02-14 07:20:50 ----RD---- C:\Program Files
2017-02-14 07:11:09 ----D---- C:\Program Files (x86)\Opera
2017-02-14 07:10:43 ----D---- C:\Windows\system32\Tasks
2017-02-12 10:46:58 ----D---- C:\Windows\System32
2017-02-12 10:46:58 ----D---- C:\Windows\inf
2017-02-12 10:46:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-01-28 21:58:20 ----D---- C:\Users\Toshiba\AppData\Roaming\SoftGrid Client
2017-01-18 18:05:10 ----D---- C:\Windows\system32\catroot2
2017-01-17 20:14:08 ----D---- C:\Windows\Prefetch

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-31 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-31 267632]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 408600]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-07 834544]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-31 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-31 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-31 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-31 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-31 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-31 116728]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-11-06 1550848]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-02-20 10300800]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
R3 SynTP;Synaptics Pointing Device Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-01 232992]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 36352]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-31 50344]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10 270936]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-12-28 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
S4 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S4 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
S4 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

-----------------EOF-----------------

[Hook_1hp]

Log dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Toshiba at 7:14:53 on 2017-02-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3964.2625 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera_crashreporter.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/?clid=27368
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F}\05968756C613 : DHCPNameServer = 192.168.11.254 81.19.10.34
TCP: Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F}\4656661657C647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F}\6516E65637B616 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F}\E416E697F5E65647 : DHCPNameServer = 10.0.0.138
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-12-31 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-12-31 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-12-31 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-12-31 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-12-31 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-12-31 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-12-31 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-31 50344]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-4-21 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-5-30 35008]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-28 114688]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 232992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-28 59392]
.
=============== File Associations ===============
.
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-02-14 06:11:36 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFAF3986-72F8-4B49-917C-B8CE7B27FFD3}\offreg.dll
.
==================== Find3M ====================
.
2017-01-10 18:32:00 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-01-10 18:32:00 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 7:18:19,76 ===============

[altrok]

Krasny den Vam preju


Pokud je Vas log dlouhy a nevejde se do jednoho prispevku (je delsi nez 100.000 znaku), pridejte do nazvu tematu informaci o tom, ze je log dlouhy a je rozdelen do vice casti (napr. "virus, 3 posty"). Primarne resime temata bez odpovedi, takze ve Vasem pripade to vypada, ze se Vam jiz nektery z kolegu venuje a tema snadno zapadne.


V ramci cisteni Vam budou vyprazdneny docasne adresare (vysypani Kose a tempu, vyprazdneni cache prohlizecu apod.).


Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/

• spuste dvojklikem a extrahujte na plochu
• kliknete na Next
• aktualizujte virovou databazi klikem na Update a pokracujte na Next
• vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 20 minut)
• zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
• kliknete na Cleanup a souhlaste s restartem - Yes
• obsah logu ulozene na plose v mbar\mbar-log-2016-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi

[Hook_1hp]

Zdraví, vkládám log:


Dekuji

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2017.02.14.05
rootkit: v2017.02.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Toshiba :: TOSH [administrator]

14.2.2017 14:39:26
mbar-log-2017-02-14 (14-39-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 293263
Time elapsed: 42 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Windows\SysWOW64\lcpmncblyko.exe (RiskWare.BitCoinMiner) -> Delete on reboot. [cb122b77d0d84fe7d314d9e457a9f60a]
C:\Windows\SysWOW64\dcgmncblyko.exe (Trojan.BitCoinMiner) -> Delete on reboot. [eeef386ac6e22d09ff62343752b0c13f]
C:\ProgramData\wlwlbngla.pzz (Trojan.FakeMS.ED) -> Delete on reboot. [d5085151a206db5b9e04670022df8e72]
C:\ProgramData\Windows Genuine Advantage\{2717258F-B642-40FB-A71A-FFA1E5F939F4}\msiexec.exe (Trojan.Agent.ED) -> Delete on reboot. [fbe21f83bdeb4beb2815ff83da27c838]
C:\ProgramData\Windows Genuine Advantage\{51BEF53F-5EF2-45F6-8E2F-28B163AE8810}\msiexec.exe (Trojan.Agent.ED) -> Delete on reboot. [fde0aff3238523136797e0a169980df3]
C:\Users\Toshiba\AppData\Roaming\OKXYYoIy\RiQfZtYL\hbgKMrEC\migUjkZgr.exe (Trojan.Agent.ED) -> Delete on reboot. [edf08b17317762d485b8176b68999070]
C:\Windows\inf\ntvdm.inf (Trojan.Agent.Trace) -> Delete on reboot. [ca13ced46840bf77e6438215798abb45]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[altrok]

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan (Skenovani), pote na Clean (Cisteni)
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

[Hook_1hp]

Dobrý den, vkládám log. Děkuji

# AdwCleaner v6.043 - Log vytvořen 15/02/2017 v 06:59:47
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-13.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Toshiba - TOSH
# Spuštěno z : C:\Users\Toshiba\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Toshiba\AppData\Local\10086
[-] Složka smazána: C:\ProgramData\Mail.Ru
[#] Složka smazána po restartu: C:\ProgramData\Application Data\Mail.Ru
[-] Složka smazána: C:\Program Files (x86)\Mail.Ru


***** [ Soubory ] *****

[-] Soubor smazán: C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\Conduit
[-] Klíč smazán: HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\PRODUCTSETUP
[-] Klíč smazán: HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\Mail.Ru
[-] Klíč smazán: HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\Amigo
[-] Klíč smazán: HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\csastats
[-] Klíč smazán: HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\GotClip Downloader
[-] Klíč smazán: HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\AppDataLow\Software\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\Mail.Ru
[#] Klíč smazán po restartu: HKCU\Software\Amigo
[#] Klíč smazán po restartu: HKCU\Software\csastats
[#] Klíč smazán po restartu: HKCU\Software\GotClip Downloader
[#] Klíč smazán po restartu: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klíč smazán: HKLM\SOFTWARE\Mail.Ru
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: [x64] HKCU\Software\Mail.Ru
[#] Klíč smazán po restartu: [x64] HKCU\Software\Amigo
[#] Klíč smazán po restartu: [x64] HKCU\Software\csastats
[#] Klíč smazán po restartu: [x64] HKCU\Software\GotClip Downloader
[#] Klíč smazán po restartu: [x64] HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Prohlížeče ] *****

[-] [C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: aminlpmkfcdibgpgfajlgnamicjckkjf
[-] [C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: jdkihdhlegcdggknokfekoemkjjnjhgi


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3537 Bajty] - [15/02/2017 06:59:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [3646 Bajty] - [15/02/2017 06:58:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3683 Bajty] ##########

[altrok]

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud budete mit problemy se stazenim FRSTLauncheru, staci kdyz pouzijete samotny FRST.exe/FRST64.exe.

[Hook_1hp]

Zdravím, vlkádám log. děkuji


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017
Ran by Toshiba (administrator) on TOSH (15-02-2017 12:51:41)
Running from C:\Users\Toshiba\Desktop
Loaded Profiles: Toshiba (Available Profiles: Toshiba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26414208 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\Run: [Google Update] => C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) <===== ATTENTION
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: {6ad94e18-4290-11e6-a4d4-00266c7c5f10} - F:\autorun.exe
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-12-31] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-21]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-04-21]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B8533C26-E6B1-4FED-95EA-A55F0DC1494F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=27368
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> DefaultScope {F5D6F02F-F53E-4A79-8855-3E209C76F8A2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 079B45E8534F983BE4F584287D046DFD URL = hxxp://www.zbozi.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 41A39C2DE31D958A4B89BABFF9DAA1B6 URL =
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 7F01D70BFEFB934BA161B9AD8979F1FD URL = hxxp://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> A2B396AC96C168442F43A5113A588BAF URL = hxxp://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> F5C907575233E8D73E504F986286A271 URL = hxxp://www.mapy.cz/?sourceid=quicksearch_6826& ... earchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {2F37C187-BEF3-4EAB-80AB-EA5297A43D98} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {4DF69133-72A6-4808-BC21-5AB08FBDCE48} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keyw ... nkCode=ur2
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {5D31D73E-3D80-45BC-A41E-E465884FB20E} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {8F578E91-1464-458C-9FBB-26B222EED7F6} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {B029E542-AE52-42A1-A8A3-C0E671CFA0C2} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {B172F16F-2868-426C-BC25-184CB9AD7B62} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {B384E0C5-F75F-4A6E-82B5-C5A61D33602F} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {E0D10DFF-E459-47D1-B0AD-E34FDFEDE9C7} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {E1BD3646-F74B-403F-8645-4F14AFA24831} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_27368
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> {F5D6F02F-F53E-4A79-8855-3E209C76F8A2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_27368
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-31] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-31] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\9nhpqzea.default [2016-08-20]
FF Homepage: Mozilla\Firefox\Profiles\9nhpqzea.default -> hxxp://www.seznam.cz/?clid=6826
FF Extension: (Avira Browser Safety) - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\9nhpqzea.default\Extensions\abs@avira.com [2014-12-29] [not signed]
FF Extension: (Seznam lištička) - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\9nhpqzea.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-08-15]
FF Extension: (No Name) - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha5336\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1413\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha577\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3874\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home266\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6712\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7823\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha1603\ff [not found]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-808137394-3989240724-1605283320-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-808137394-3989240724-1605283320-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-808137394-3989240724-1605283320-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Toshiba\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-05] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/?clid=6826
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default [2017-02-14]
CHR Extension: (Dokumenty Google) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Volání přes Skype) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-08-25]
CHR Extension: (Avast Online Security) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-31]
StartMenuInternet: Google Chrome.TXZ3EZMFRXESRW2SL4IWG7NJV4 - C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-31] (AVAST Software)
S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-31] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-05-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 12:50 - 2017-02-15 12:51 - 00016142 _____ C:\Users\Toshiba\Desktop\FRST.txt
2017-02-15 12:50 - 2017-02-15 12:50 - 00000921 _____ C:\Users\Toshiba\Desktop\Addition.txt
2017-02-15 12:47 - 2017-02-15 12:50 - 00000000 ____D C:\Users\Toshiba\Desktop\FRST-OlderVersion
2017-02-15 06:54 - 2017-02-15 06:59 - 00000000 ____D C:\AdwCleaner
2017-02-15 06:53 - 2017-02-15 06:53 - 04015056 _____ C:\Users\Toshiba\Desktop\adwcleaner_6.043.exe
2017-02-14 14:39 - 2017-02-14 21:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-14 14:39 - 2017-02-14 14:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-14 14:38 - 2017-02-14 14:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 14:38 - 2017-02-14 14:38 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-14 14:37 - 2017-02-14 17:42 - 00000000 ____D C:\Users\Toshiba\Desktop\mbar
2017-02-14 14:37 - 2017-02-14 14:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Toshiba\Desktop\mbar-1.09.3.1001.exe
2017-02-14 07:34 - 2017-02-15 12:51 - 00000000 ____D C:\FRST
2017-02-14 07:33 - 2017-02-14 07:33 - 00025660 _____ C:\Users\Toshiba\Desktop\info.txt
2017-02-14 07:22 - 2017-02-15 12:47 - 02422784 _____ (Farbar) C:\Users\Toshiba\Desktop\FRST64.exe
2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\rsit
2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\Program Files\trend micro
2017-02-14 07:20 - 2017-02-14 07:20 - 01323520 _____ C:\Users\Toshiba\Desktop\RSITx64.exe
2017-02-14 07:18 - 2017-02-14 07:18 - 00008895 _____ C:\Users\Toshiba\Desktop\dds.txt
2017-02-14 07:18 - 2017-02-14 07:18 - 00003728 _____ C:\Users\Toshiba\Desktop\attach.txt
2017-02-14 07:13 - 2017-02-14 07:14 - 00688992 ____R (Swearware) C:\Users\Toshiba\Desktop\dds.exe
2017-02-14 07:10 - 2017-02-14 07:10 - 00003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1409078827
2017-01-29 11:32 - 2017-01-29 11:32 - 00388452 _____ C:\Users\Toshiba\Downloads\vypoved-z-najmu-vzor.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-15 12:38 - 2013-09-18 08:44 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 12:38 - 2013-09-18 08:44 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-15 12:38 - 2012-09-30 17:33 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 12:38 - 2011-05-30 12:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 12:38 - 2009-07-14 16:18 - 00623104 _____ C:\Windows\system32\perfh005.dat
2017-02-15 12:38 - 2009-07-14 16:18 - 00118996 _____ C:\Windows\system32\perfc005.dat
2017-02-15 12:38 - 2009-07-14 06:13 - 01447310 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-15 12:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-15 12:37 - 2012-09-30 17:33 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-15 12:37 - 2011-05-30 12:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 07:12 - 2009-07-14 05:45 - 00016080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-15 07:12 - 2009-07-14 05:45 - 00016080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-15 07:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-14 21:22 - 2016-11-14 07:28 - 340665672 _____ C:\Windows\MEMORY.DMP
2017-02-14 21:22 - 2013-07-18 17:24 - 00000000 ____D C:\Windows\Minidump
2017-02-14 17:49 - 2014-12-31 11:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-02-14 17:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2017-02-14 07:11 - 2014-08-26 19:47 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-11 20:49 - 2016-02-25 22:22 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-07 17:02 - 2014-12-20 20:03 - 00002386 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-28 21:58 - 2012-04-12 16:37 - 00000000 ____D C:\Users\Toshiba\AppData\Roaming\SoftGrid Client
2017-01-28 13:47 - 2015-07-25 14:50 - 00000000 ___SD C:\Users\Toshiba\AppData\LocalLow\Temp

==================== Files in the root of some directories =======

2014-08-27 19:23 - 2014-08-27 19:23 - 0000029 _____ () C:\Users\Toshiba\AppData\Roaming\msjfecf.dat
2014-08-19 16:54 - 2014-08-19 16:54 - 0009488 _____ () C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat
2014-08-27 19:23 - 2014-08-27 19:23 - 0008342 _____ () C:\Users\Toshiba\AppData\Roaming\mslcoh.dat
2014-08-19 16:54 - 2014-08-26 20:54 - 0000028 _____ () C:\Users\Toshiba\AppData\Roaming\msrccbr.dat
2014-06-18 00:29 - 2014-06-18 00:29 - 0007602 _____ () C:\Users\Toshiba\AppData\Local\Resmon.ResmonCfg
2013-07-12 13:49 - 2013-07-12 13:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe


Some files in TEMP:
====================
2017-01-26 18:05 - 2017-01-26 18:05 - 0000000 _____ () C:\Users\Toshiba\AppData\Local\Temp\GUR3DE9.exe
2016-08-20 16:04 - 2016-08-11 12:33 - 5168856 _____ (Mail.Ru) C:\Users\Toshiba\AppData\Local\Temp\MailRuUpdater.exe
2016-08-20 16:17 - 2016-08-20 16:17 - 1972224 _____ (BitTorrent Inc.) C:\Users\Toshiba\AppData\Local\Temp\utt1393.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-12 10:49

==================== End of FRST.txt ============================

[altrok]

Vypnete trvale Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7



Po restartu dejte vedet, jak se PC chova.

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  File: C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
  HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\Run: [Google Update] => C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) <===== ATTENTION
  HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
  HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: {6ad94e18-4290-11e6-a4d4-00266c7c5f10} - F:\autorun.exe
  GroupPolicy: Restriction <======= ATTENTION
  GroupPolicy\User: Restriction <======= ATTENTION
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 41A39C2DE31D958A4B89BABFF9DAA1B6 URL = 
  FF Extension: (No Name) - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha5336\ff [not found]
  FF Extension: (No Name) - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1413\ff [not found]
  FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha577\ff [not found]
  FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3874\ff [not found]
  FF Extension: (No Name) - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home266\ff [not found]
  FF Extension: (No Name) - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6712\ff [not found]
  FF Extension: (No Name) - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7823\ff [not found]
  FF Extension: (No Name) - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha1603\ff [not found]
  C:\Program Files (x86)\MediaPlayerV1
  C:\Program Files (x86)\MediaViewV1
  C:\Program Files (x86)\MediaWatchV1
  C:\Program Files (x86)\MediaBuzzV1
  C:\Program Files (x86)\RichMediaViewV1
  C:\Program Files (x86)\TrustMediaViewerV1
  2017-02-15 12:50 - 2017-02-15 12:51 - 00016142 _____ C:\Users\Toshiba\Desktop\FRST.txt
  2017-02-15 12:50 - 2017-02-15 12:50 - 00000921 _____ C:\Users\Toshiba\Desktop\Addition.txt
  2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\rsit
  2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\Program Files\trend micro
  2017-02-14 07:20 - 2017-02-14 07:20 - 01323520 _____ C:\Users\Toshiba\Desktop\RSITx64.exe
  2017-02-14 07:18 - 2017-02-14 07:18 - 00008895 _____ C:\Users\Toshiba\Desktop\dds.txt
  2017-02-14 07:18 - 2017-02-14 07:18 - 00003728 _____ C:\Users\Toshiba\Desktop\attach.txt
  2017-02-14 07:13 - 2017-02-14 07:14 - 00688992 ____R (Swearware) C:\Users\Toshiba\Desktop\dds.exe
  
  File: C:\Users\Toshiba\AppData\Roaming\msjfecf.dat
  2014-08-27 19:23 - 2014-08-27 19:23 - 0000029 _____ () C:\Users\Toshiba\AppData\Roaming\msjfecf.dat
  File: C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat
  2014-08-19 16:54 - 2014-08-19 16:54 - 0009488 _____ () C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat
  File: C:\Users\Toshiba\AppData\Roaming\mslcoh.dat
  2014-08-27 19:23 - 2014-08-27 19:23 - 0008342 _____ () C:\Users\Toshiba\AppData\Roaming\mslcoh.dat
  File: C:\Users\Toshiba\AppData\Roaming\msrccbr.dat
  2014-08-19 16:54 - 2014-08-26 20:54 - 0000028 _____ () C:\Users\Toshiba\AppData\Roaming\msrccbr.dat
  File: C:\ProgramData\ezsidmv.dat
  2013-07-12 13:49 - 2013-07-12 13:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
  2017-01-26 18:05 - 2017-01-26 18:05 - 0000000 _____ () C:\Users\Toshiba\AppData\Local\Temp\GUR3DE9.exe
  2016-08-20 16:04 - 2016-08-11 12:33 - 5168856 _____ (Mail.Ru) C:\Users\Toshiba\AppData\Local\Temp\MailRuUpdater.exe
  2016-08-20 16:17 - 2016-08-20 16:17 - 1972224 _____ (BitTorrent Inc.) C:\Users\Toshiba\AppData\Local\Temp\utt1393.tmp.exe
  CustomCLSID: HKU\S-1-5-21-808137394-3989240724-1605283320-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
  Task: {5DE4161A-FC96-4AF3-B020-F81FD21E1484} - System32\Tasks\{52224676-DCAA-40FE-86D5-9A1E43CD3EFF} => C:\Users\Toshiba\Desktop\dyna\DYNA.EXE 
  File: C:\Users\Toshiba\Desktop\dyna\DYNA.EXE
  CMD: dir "C:\PROGRA~1"
  CMD: dir "C:\PROGRA~2"
  CMD: dir "C:\PROGRA~3"
  CMD: dir "%localappdata%"
  CMD: dir "%appdata%"
  Hosts:
  EmptyTemp:
  End

[Hook_1hp]

Zdravím, děkuji za pomoc, je to veliky rozdil, PC je hned o hodně rychlejší. Jeste jednou dekuji za pomoc

Log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 01
Ran by Toshiba (15-02-2017 13:46:56) Run:1
Running from C:\Users\Toshiba\Desktop
Loaded Profiles: Toshiba (Available Profiles: Toshiba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\Run: [Google Update] => C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) <===== ATTENTION
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\...\MountPoints2: {6ad94e18-4290-11e6-a4d4-00266c7c5f10} - F:\autorun.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-808137394-3989240724-1605283320-1000 -> 41A39C2DE31D958A4B89BABFF9DAA1B6 URL =
FF Extension: (No Name) - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha5336\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1413\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha577\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3874\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home266\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6712\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7823\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha1603\ff [not found]
C:\Program Files (x86)\MediaPlayerV1
C:\Program Files (x86)\MediaViewV1
C:\Program Files (x86)\MediaWatchV1
C:\Program Files (x86)\MediaBuzzV1
C:\Program Files (x86)\RichMediaViewV1
C:\Program Files (x86)\TrustMediaViewerV1
2017-02-15 12:50 - 2017-02-15 12:51 - 00016142 _____ C:\Users\Toshiba\Desktop\FRST.txt
2017-02-15 12:50 - 2017-02-15 12:50 - 00000921 _____ C:\Users\Toshiba\Desktop\Addition.txt
2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\rsit
2017-02-14 07:20 - 2017-02-14 07:21 - 00000000 ____D C:\Program Files\trend micro
2017-02-14 07:20 - 2017-02-14 07:20 - 01323520 _____ C:\Users\Toshiba\Desktop\RSITx64.exe
2017-02-14 07:18 - 2017-02-14 07:18 - 00008895 _____ C:\Users\Toshiba\Desktop\dds.txt
2017-02-14 07:18 - 2017-02-14 07:18 - 00003728 _____ C:\Users\Toshiba\Desktop\attach.txt
2017-02-14 07:13 - 2017-02-14 07:14 - 00688992 ____R (Swearware) C:\Users\Toshiba\Desktop\dds.exe

File: C:\Users\Toshiba\AppData\Roaming\msjfecf.dat
2014-08-27 19:23 - 2014-08-27 19:23 - 0000029 _____ () C:\Users\Toshiba\AppData\Roaming\msjfecf.dat
File: C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat
2014-08-19 16:54 - 2014-08-19 16:54 - 0009488 _____ () C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat
File: C:\Users\Toshiba\AppData\Roaming\mslcoh.dat
2014-08-27 19:23 - 2014-08-27 19:23 - 0008342 _____ () C:\Users\Toshiba\AppData\Roaming\mslcoh.dat
File: C:\Users\Toshiba\AppData\Roaming\msrccbr.dat
2014-08-19 16:54 - 2014-08-26 20:54 - 0000028 _____ () C:\Users\Toshiba\AppData\Roaming\msrccbr.dat
File: C:\ProgramData\ezsidmv.dat
2013-07-12 13:49 - 2013-07-12 13:49 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2017-01-26 18:05 - 2017-01-26 18:05 - 0000000 _____ () C:\Users\Toshiba\AppData\Local\Temp\GUR3DE9.exe
2016-08-20 16:04 - 2016-08-11 12:33 - 5168856 _____ (Mail.Ru) C:\Users\Toshiba\AppData\Local\Temp\MailRuUpdater.exe
2016-08-20 16:17 - 2016-08-20 16:17 - 1972224 _____ (BitTorrent Inc.) C:\Users\Toshiba\AppData\Local\Temp\utt1393.tmp.exe
CustomCLSID: HKU\S-1-5-21-808137394-3989240724-1605283320-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
Task: {5DE4161A-FC96-4AF3-B020-F81FD21E1484} - System32\Tasks\{52224676-DCAA-40FE-86D5-9A1E43CD3EFF} => C:\Users\Toshiba\Desktop\dyna\DYNA.EXE
File: C:\Users\Toshiba\Desktop\dyna\DYNA.EXE
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\Toshiba\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe ========================

File is digitally signed
MD5: FE9E6388A039441098EB09C070EA5049
Creation and modification date: 2016-12-17 08:27 - 2016-12-17 08:24
Size: 0601752
Attributes: ---AT
Company Name: Google Inc.
Internal Name: Google Update
Original Name: GoogleUpdate.exe
Product: Google Update
Description: Google Update Core
File Version: 1.3.32.7
Product Version: 1.3.32.7
Copyright: Copyright 2007-2010 Google Inc.

====== End of File: ======

HKU\S-1-5-21-808137394-3989240724-1605283320-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ad94e18-4290-11e6-a4d4-00266c7c5f10} => key removed successfully
HKCR\CLSID\{6ad94e18-4290-11e6-a4d4-00266c7c5f10} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-808137394-3989240724-1605283320-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\41A39C2DE31D958A4B89BABFF9DAA1B6 => key removed successfully
HKCR\CLSID\41A39C2DE31D958A4B89BABFF9DAA1B6 => key not found.
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha5336\ff => path removed successfully
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1413\ff => path removed successfully
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha577\ff => path removed successfully
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3874\ff => path removed successfully
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home266\ff => path removed successfully
C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6712\ff => path removed successfully
C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7823\ff => path removed successfully
C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha1603\ff => path removed successfully
"C:\Program Files (x86)\MediaPlayerV1" => not found.
"C:\Program Files (x86)\MediaViewV1" => not found.
"C:\Program Files (x86)\MediaWatchV1" => not found.
"C:\Program Files (x86)\MediaBuzzV1" => not found.
"C:\Program Files (x86)\RichMediaViewV1" => not found.
"C:\Program Files (x86)\TrustMediaViewerV1" => not found.
C:\Users\Toshiba\Desktop\FRST.txt => moved successfully
C:\Users\Toshiba\Desktop\Addition.txt => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Toshiba\Desktop\RSITx64.exe => moved successfully
C:\Users\Toshiba\Desktop\dds.txt => moved successfully
C:\Users\Toshiba\Desktop\attach.txt => moved successfully
C:\Users\Toshiba\Desktop\dds.exe => moved successfully

========================= File: C:\Users\Toshiba\AppData\Roaming\msjfecf.dat ========================

File not signed
MD5: C4835817FEEB4F707688F292F5B16695
Creation and modification date: 2014-08-27 19:23 - 2014-08-27 19:23
Size: 0000029
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\Users\Toshiba\AppData\Roaming\msjfecf.dat => moved successfully

========================= File: C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat ========================

File not signed
MD5: ECA507FE0CA28204CAC0260AA575D868
Creation and modification date: 2014-08-19 16:54 - 2014-08-19 16:54
Size: 0009488
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\Users\Toshiba\AppData\Roaming\msjnhtjj.dat => moved successfully

========================= File: C:\Users\Toshiba\AppData\Roaming\mslcoh.dat ========================

File not signed
MD5: F2A39D9AD7064315E4146D3E420B7590
Creation and modification date: 2014-08-27 19:23 - 2014-08-27 19:23
Size: 0008342
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\Users\Toshiba\AppData\Roaming\mslcoh.dat => moved successfully

========================= File: C:\Users\Toshiba\AppData\Roaming\msrccbr.dat ========================

File not signed
MD5: 585970D9D05EAF5A9E74F5DFCFA61090
Creation and modification date: 2014-08-19 16:54 - 2014-08-26 20:54
Size: 0000028
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\Users\Toshiba\AppData\Roaming\msrccbr.dat => moved successfully

========================= File: C:\ProgramData\ezsidmv.dat ========================

File not signed
MD5: 0A02B0784845481531AC4856F4EA5514
Creation and modification date: 2013-07-12 13:49 - 2013-07-12 13:49
Size: 0000056
Attributes: ---AH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

C:\ProgramData\ezsidmv.dat => moved successfully
C:\Users\Toshiba\AppData\Local\Temp\GUR3DE9.exe => moved successfully
C:\Users\Toshiba\AppData\Local\Temp\MailRuUpdater.exe => moved successfully
C:\Users\Toshiba\AppData\Local\Temp\utt1393.tmp.exe => moved successfully
HKU\S-1-5-21-808137394-3989240724-1605283320-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE4161A-FC96-4AF3-B020-F81FD21E1484} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE4161A-FC96-4AF3-B020-F81FD21E1484} => key removed successfully
C:\Windows\System32\Tasks\{52224676-DCAA-40FE-86D5-9A1E43CD3EFF} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52224676-DCAA-40FE-86D5-9A1E43CD3EFF} => key removed successfully

========================= File: C:\Users\Toshiba\Desktop\dyna\DYNA.EXE ========================

"C:\Users\Toshiba\Desktop\dyna\DYNA.EXE" => not found.
====== End of File: ======


========= dir "C:\PROGRA~1" =========

Svazek v jednotce C je WINDOWS.
S‚riov‚ źˇslo svazku je F60D-4DB4.

Věpis adres ýe C:\PROGRA~1

15.02.2017 13:48 <DIR> .
15.02.2017 13:48 <DIR> ..
31.12.2014 11:28 <DIR> AVAST Software
30.09.2012 17:33 <DIR> CCleaner
30.07.2015 07:37 <DIR> Common Files
21.04.2010 17:19 <DIR> CONEXANT
28.12.2014 10:00 <DIR> DVD Maker
26.08.2014 20:46 <DIR> File Association Helper
28.12.2014 11:00 <DIR> Internet Explorer
14.07.2009 16:37 <DIR> Microsoft Games
12.04.2012 16:36 <DIR> Microsoft Office
14.07.2009 06:32 <DIR> MSBuild
21.04.2010 17:10 <DIR> PlayReady
14.07.2009 06:32 <DIR> Reference Assemblies
21.04.2010 17:25 <DIR> Synaptics
30.05.2011 10:16 <DIR> TOSHIBA
28.12.2014 10:00 <DIR> Windows Defender
28.12.2014 10:00 <DIR> Windows Journal
28.12.2014 10:00 <DIR> Windows Mail
28.12.2014 10:00 <DIR> Windows Media Player
30.05.2011 10:22 <DIR> Windows NT
28.12.2014 10:00 <DIR> Windows Photo Viewer
28.12.2014 10:00 <DIR> Windows Portable Devices
28.12.2014 10:00 <DIR> Windows Sidebar
28.12.2014 08:32 <DIR> WinRAR
28.12.2014 13:38 <DIR> WinZip
Soubor…: 0, Bajt…: 0
Adres ý…: 26, Volněch bajt…: 55˙556˙734˙976

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Svazek v jednotce C je WINDOWS.
S‚riov‚ źˇslo svazku je F60D-4DB4.

Věpis adres ýe C:\PROGRA~2

15.02.2017 06:59 <DIR> .
15.02.2017 06:59 <DIR> ..
30.09.2012 19:07 <DIR> Adobe
30.09.2012 19:07 <DIR> All Ten Fingers
30.05.2011 10:10 <DIR> Atheros
21.08.2016 15:06 <DIR> AVG
19.07.2016 16:46 <DIR> Common Files
30.09.2012 18:09 <DIR> Elaborate Bytes
05.03.2015 11:22 <DIR> Foxit Software
19.08.2014 17:49 <DIR> Google
20.08.2016 14:51 <DIR> GRETECH
21.04.2010 17:17 <DIR> Intel
28.12.2014 11:00 <DIR> Internet Explorer
21.04.2010 17:44 <DIR> Microsoft
12.04.2012 16:36 <DIR> Microsoft Application Virtualization Client
30.09.2012 18:20 <DIR> Microsoft Office
21.04.2010 17:47 <DIR> Microsoft SQL Server Compact Edition
30.09.2012 18:14 <DIR> Microsoft.NET
14.07.2009 06:32 <DIR> MSBuild
30.09.2012 18:19 <DIR> MSECache
21.04.2010 17:41 <DIR> Nero
27.12.2014 18:44 <DIR> OpenOffice.org 3
14.02.2017 07:11 <DIR> Opera
05.03.2015 11:08 <DIR> PDF Editor 4
21.04.2010 17:44 <DIR> Photo-Service
21.04.2010 17:25 <DIR> Realtek
14.07.2009 06:32 <DIR> Reference Assemblies
15.08.2016 18:09 <DIR> Seznam.cz
19.07.2016 16:46 <DIR> Skype
30.05.2011 10:12 <DIR> Toshiba
21.04.2010 17:45 <DIR> Toshiba TEMPRO
30.05.2011 12:19 <DIR> VideoLAN
30.05.2011 12:20 <DIR> Webteh
14.07.2009 16:18 <DIR> Windows Defender
21.04.2010 17:47 <DIR> Windows Live
21.04.2010 17:46 <DIR> Windows Live SkyDrive
28.12.2014 10:00 <DIR> Windows Mail
28.12.2014 10:00 <DIR> Windows Media Player
14.07.2009 06:32 <DIR> Windows NT
28.12.2014 10:00 <DIR> Windows Photo Viewer
28.12.2014 10:00 <DIR> Windows Portable Devices
28.12.2014 10:00 <DIR> Windows Sidebar
19.12.2014 23:53 <DIR> WinZip
Soubor…: 0, Bajt…: 0
Adres ý…: 43, Volněch bajt…: 55˙556˙755˙456

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Svazek v jednotce C je WINDOWS.
S‚riov‚ źˇslo svazku je F60D-4DB4.

Věpis adres ýe C:\PROGRA~3

14.05.2014 14:44 <DIR> .mono
30.09.2012 19:07 <DIR> Adobe
30.05.2011 10:10 <DIR> Atheros
31.12.2014 11:28 <DIR> AVAST Software
21.08.2016 15:05 <DIR> Avg
02.01.2015 18:14 <DIR> Baidu
30.09.2012 17:51 <DIR> DAEMON Tools Lite
30.09.2012 18:04 <DIR> DAEMON Tools Pro
14.02.2017 14:39 <DIR> Malwarebytes
14.02.2017 21:22 <DIR> Malwarebytes' Anti-Malware (portable)
28.12.2014 08:18 <DIR> McAfee
09.01.2013 21:22 <DIR> Microsoft Help
21.04.2010 17:37 <DIR> Nero
27.12.2014 18:46 <DIR> Norton
10.11.2013 02:46 <DIR> NortonInstaller
19.07.2016 16:45 <DIR> Skype
30.05.2011 10:15 <DIR> Toshiba
30.05.2011 10:23 <DIR> ToshibaEurope
23.07.2011 13:58 <DIR> TP-LINK
26.08.2014 21:09 <DIR> TuneUp Software
30.09.2012 18:40 <DIR> VirtualizedApplications
21.08.2014 21:12 <DIR> Windows Genuine Advantage
28.12.2014 13:38 <DIR> WinZip
Soubor…: 0, Bajt…: 0
Adres ý…: 23, Volněch bajt…: 55˙556˙755˙456

========= End of CMD: =========


========= dir "%localappdata%" =========

Svazek v jednotce C je WINDOWS.
S‚riov‚ źˇslo svazku je F60D-4DB4.

Věpis adres ýe C:\Users\Toshiba\AppData\Local

15.02.2017 06:59 <DIR> .
15.02.2017 06:59 <DIR> ..
24.12.2014 13:14 <DIR> 810
25.02.2016 22:22 <DIR> Adobe
19.12.2014 23:42 <DIR> Apps
20.08.2016 17:25 <DIR> Avg
21.08.2016 15:04 <DIR> AvgSetupLog
16.06.2014 18:10 <DIR> cache
26.08.2014 20:57 <DIR> Chromium
15.08.2016 14:04 <DIR> Diagnostics
15.08.2016 18:12 <DIR> DOSBox
07.05.2012 19:47 <DIR> ElevatedDiagnostics
03.09.2014 16:22 <DIR> Gameforge4d
17.12.2012 14:29 93˙536 GDIPFONTCACHEV1.DAT
15.08.2016 18:30 <DIR> GHISLER
31.10.2016 17:10 <DIR> Google
30.09.2012 17:36 <DIR> Macromedia
30.04.2014 11:39 <DIR> Massive Media
02.01.2015 18:22 <DIR> Microsoft
05.10.2011 16:08 <DIR> Microsoft Games
09.01.2013 21:22 <DIR> Microsoft Help
30.05.2011 12:21 <DIR> Mozilla
30.05.2011 12:06 <DIR> Nero_AG
26.08.2014 19:47 <DIR> Opera Software
30.04.2014 11:39 <DIR> Programs
20.08.2016 13:18 <DIR> qbEAB81C.1D
18.06.2014 00:29 7˙602 Resmon.ResmonCfg
19.07.2016 16:46 <DIR> Skype
25.08.2016 18:07 <DIR> SkypePlugin
12.04.2012 16:37 <DIR> SoftGrid Client
15.02.2017 13:48 <DIR> Temp
30.05.2011 10:26 <DIR> Toshiba
30.05.2011 10:29 <DIR> TOSHIBA_Corporation
15.09.2013 17:26 <DIR> Unity
13.08.2011 00:50 <DIR> VirtualStore
04.10.2014 20:05 <DIR> Yandex
Soubor…: 2, Bajt…: 101˙138
Adres ý…: 34, Volněch bajt…: 55˙556˙751˙360

========= End of CMD: =========


========= dir "%appdata%" =========

Svazek v jednotce C je WINDOWS.
S‚riov‚ źˇslo svazku je F60D-4DB4.

Věpis adres ýe C:\Users\Toshiba\AppData\Roaming

15.02.2017 13:48 <DIR> .
15.02.2017 13:48 <DIR> ..
14.05.2014 14:44 <DIR> .mono
31.05.2011 17:23 <DIR> Adobe
31.12.2014 11:30 <DIR> AVAST Software
20.08.2016 17:25 <DIR> AVG
20.08.2016 16:53 <DIR> BitComet
16.07.2014 14:51 <DIR> BSplayer
30.05.2011 12:20 <DIR> BSplayer Pro
05.03.2015 11:08 <DIR> CAD-KAS
30.09.2012 18:01 <DIR> DAEMON Tools Lite
30.09.2012 18:25 <DIR> DAEMON Tools Pro
12.08.2016 09:17 <DIR> dvdcss
22.05.2015 15:24 <DIR> Foxit Software
15.08.2016 18:27 <DIR> GHISLER
30.09.2012 17:43 <DIR> Google
30.05.2011 10:25 <DIR> Identities
21.04.2010 17:44 <DIR> Macromedia
19.12.2014 23:53 <DIR> Massive Media
14.07.2009 16:36 <DIR> Media Center Programs
30.05.2011 12:21 <DIR> Mozilla
30.05.2011 12:05 <DIR> Nero
21.08.2014 21:12 <DIR> OKXYYoIy
30.09.2012 18:48 <DIR> OpenOffice.org
26.08.2014 19:47 <DIR> Opera Software
27.08.2014 11:25 <DIR> Riot Games
20.08.2016 16:40 <DIR> Seznam.cz
06.11.2016 18:43 <DIR> Skype
23.07.2013 12:27 <DIR> skypePM
28.01.2017 21:58 <DIR> SoftGrid Client
15.08.2016 16:58 <DIR> Steam
25.08.2016 12:34 <DIR> TeamViewer
30.05.2011 12:04 <DIR> Toshiba
26.08.2014 21:09 <DIR> TuneUp Software
03.01.2014 23:29 <DIR> Unity
11.11.2016 20:29 <DIR> uTorrent
19.12.2014 23:59 <DIR> uxNDtSCZ
30.12.2014 22:11 <DIR> vlc
16.09.2013 10:09 <DIR> wargaming.net
20.08.2016 16:39 <DIR> WarThunder
07.05.2012 22:46 <DIR> WinRAR
04.10.2014 20:05 <DIR> Yandex
Soubor…: 0, Bajt…: 0
Adres ý…: 42, Volněch bajt…: 55˙556˙751˙360

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102518326 B
Java, Flash, Steam htmlcache => 723 B
Windows/system/drivers => 707291 B
Edge => 0 B
Chrome => 810335036 B
Firefox => 3072 B
Opera => 330007593 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Toshiba => 1330257226 B

RecycleBin => 6565845869 B
EmptyTemp: => 8.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:52:57 ====

[altrok]

Smazte jeste slozky C:\Users\Toshiba\AppData\Roaming\OKXYYoIy a uxNDtSCZ ve stejnem umisteni.

Pak uz jenom uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[Hook_1hp]

Děkuji mnohokrát za pomoc.

[altrok]

Nemate zac, rad jsem pomohl


Mejte se krasne a treba zase nekdy