Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Vyskakování reklam atd.

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Vyskakování reklam atd.

#1 Příspěvek od lukas_t »

Ahoj,
v Chrome mi začali při kliknutí na nějaké tlačítko (třeba při přihlašování na fórum) vyskakovat nové karty s reklamami, občas se změní domovská stránka a celkově se mi zdá, že se něco děje...

Zde log z HJT:

Kód: Vybrat vše

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:23, on 2. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\tesi\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [GarminExpressTrayApp] "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - D:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11591 bytes
Log z FRST:

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by tesi (administrator) on LUKÁŠ (02-02-2016 23:03:31)
Running from C:\Users\tesi\Desktop
Loaded Profiles: tesi & UpdatusUser (Available Profiles: tesi & UpdatusUser)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\tesi\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2014-11-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2014-11-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-04-16] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445db2-168f-11e5-8268-6817293dffad} - "G:\AutoStarter.EXE" /NAME=RenaultTrucks
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445e19-168f-11e5-8268-6817293dffad} - "H:\cdi.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2014-11-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2014-11-07] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{05AF8221-4B92-4C28-BC89-2894D6F071F8}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-46381495-113654929-558197678-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.cz/ig?hl=cs
CHR StartupUrls: Default -> "hxxp://www.igoogle.com/"
CHR Profile: C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Dokumenty Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Disk Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Vyhledávání Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Lumin - Best Document Viewer) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2015-06-13]
CHR Extension: (Tabulky Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Facebook) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmmhebkeocjpdjpmcmjcihakclgmcblb [2014-11-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-01-03]
CHR Extension: (Gmail) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-46381495-113654929-558197678-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 Garmin Device Interaction Service; D:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 SDScannerService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [954048 2014-08-25] (@ByELDI) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-06] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-19] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 23:03 - 2016-02-02 23:03 - 00017826 _____ C:\Users\tesi\Desktop\FRST.txt
2016-02-02 23:02 - 2016-02-02 23:03 - 00000000 ____D C:\FRST
2016-02-02 23:01 - 2016-02-02 23:01 - 00112640 _____ (forum.viry.cz) C:\Users\tesi\Downloads\FRSTLauncher.exe
2016-02-02 23:00 - 2016-02-02 23:02 - 00112640 _____ (forum.viry.cz) C:\Users\tesi\Desktop\FRSTLauncher.exe
2016-02-02 23:00 - 2016-02-02 23:00 - 02370560 _____ (Farbar) C:\Users\tesi\Desktop\FRST64.exe
2016-02-02 22:34 - 2016-02-02 22:34 - 00002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 22:34 - 2016-02-02 22:34 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-02 20:47 - 2016-02-02 20:47 - 00000000 ____D C:\Users\tesi\AppData\Roaming\iSkysoft
2016-02-02 20:46 - 2016-02-02 20:46 - 00000000 ____D C:\ProgramData\wondershare
2016-02-02 20:46 - 2016-02-02 20:46 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-02-02 20:46 - 2015-02-27 10:35 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2016-02-02 20:44 - 2016-02-02 20:45 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2016-02-02 20:02 - 2016-02-02 20:08 - 00000000 ____D C:\Users\tesi\AppData\Local\iWesoft
2016-02-02 20:02 - 2016-02-02 20:07 - 00000000 ____D C:\Users\tesi\Documents\WePDFWatermarkRemover Output
2016-02-02 20:02 - 2016-02-02 20:02 - 00000000 ____D C:\Users\tesi\AppData\Roaming\iWesoft
2016-02-02 19:49 - 2016-02-02 20:16 - 00000000 ____D C:\ProgramData\pdf-watermark-remover-wm
2016-02-02 19:41 - 2016-02-02 21:19 - 00000000 ____D C:\Users\tesi\Desktop\veronika
2016-02-02 19:14 - 2016-02-02 19:14 - 00000862 _____ C:\Users\tesi\Desktop\Iveco Power.lnk
2016-02-02 09:45 - 2016-02-02 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-26 22:56 - 2016-01-26 22:59 - 00000000 ____D C:\Users\tesi\Desktop\Man_Mantis_12.2014
2016-01-26 14:43 - 2016-01-26 14:43 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-25 20:12 - 2016-01-25 20:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-11 23:01 - 2016-01-11 23:01 - 00558451 _____ C:\Users\tesi\Desktop\vizitka.psd
2016-01-11 18:56 - 2016-01-11 18:56 - 00236147 _____ C:\Users\tesi\Documents\Registrace.pdf
2016-01-11 18:55 - 2016-01-11 18:58 - 00231047 _____ C:\Users\tesi\Documents\Vývoj objednávek.pdf
2016-01-11 18:52 - 2016-01-11 18:52 - 00230946 _____ C:\Users\tesi\Documents\objednavky.pdf
2016-01-11 17:15 - 2016-01-11 17:15 - 00162950 _____ C:\Users\tesi\Documents\vypinat.pdf
2016-01-09 14:56 - 2016-01-11 18:44 - 00230836 _____ C:\Users\tesi\Documents\PROJEKT.pdf
2016-01-03 15:37 - 2016-01-03 15:37 - 00371898 _____ C:\Users\tesi\Desktop\oznameni_tesarek.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 22:53 - 2016-01-02 17:29 - 00004940 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lukáš-tesi Lukáš
2016-02-02 22:53 - 2014-11-07 12:00 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-46381495-113654929-558197678-1001
2016-02-02 22:37 - 2014-11-07 12:47 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 22:33 - 2014-11-07 12:47 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-02 22:30 - 2014-11-07 12:47 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 22:29 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-02 22:29 - 2013-08-22 15:44 - 05099824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-02 22:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-02 22:07 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-02 22:06 - 2014-11-07 16:37 - 00000000 ____D C:\Users\tesi\AppData\Local\CrashDumps
2016-02-02 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\addins
2016-02-02 21:00 - 2014-11-07 15:36 - 00000000 ____D C:\Users\tesi\AppData\Roaming\uTorrent
2016-02-02 20:51 - 2014-11-07 11:49 - 00001608 _____ C:\Users\tesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-02 20:43 - 2014-11-07 13:04 - 00000000 ____D C:\ProgramData\Adobe
2016-02-02 20:34 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-02 20:25 - 2014-11-07 16:34 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-02 20:08 - 2015-01-25 21:31 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-02 10:32 - 2014-11-07 12:47 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 10:32 - 2014-11-07 12:47 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 09:46 - 2015-12-27 22:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 09:45 - 2015-12-27 22:47 - 00001683 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-02 09:45 - 2015-12-27 22:46 - 00003554 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-01-31 15:33 - 2015-07-06 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-01-28 13:07 - 2013-08-22 13:17 - 00000000 ____D C:\Users\tesi\Documents\Scanned Documents
2016-01-28 09:18 - 2013-08-21 18:42 - 00000000 ____D C:\Users\tesi\AppData\Local\Packages
2016-01-26 22:55 - 2013-09-20 19:56 - 00000000 ____D C:\Users\tesi\Desktop\Škola
2016-01-25 20:44 - 2014-11-07 15:18 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-01-25 20:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-01-20 13:00 - 2014-11-07 12:46 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-01-20 13:00 - 2014-11-07 12:46 - 00000000 ____D C:\WINDOWS\system32\NV
2016-01-17 15:56 - 2013-09-30 05:20 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-17 15:56 - 2013-09-30 04:57 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2016-01-17 15:56 - 2013-09-30 04:57 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2016-01-13 15:41 - 2015-11-07 01:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 15:41 - 2014-12-26 08:48 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-10 09:30 - 2014-11-07 12:46 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-05 14:36 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-05 14:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2015-03-22 11:51 - 2015-03-22 12:49 - 0000132 _____ () C:\Users\tesi\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2015-12-31 17:26 - 2015-12-31 17:27 - 0001013 _____ () C:\Users\tesi\AppData\Roaming\burnaware.ini
2014-11-26 22:32 - 2016-01-02 18:37 - 0000600 _____ () C:\Users\tesi\AppData\Roaming\winscp.rnd
2015-10-11 16:31 - 2015-10-11 16:31 - 0000770 _____ () C:\Users\tesi\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-25 19:25

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:99.66 GB) (Free:21.26 GB) NTFS
Drive d: () (Fixed) (Total:598.29 GB) (Free:530.05 GB) NTFS

Available physical RAM: 3766.11 MB
Total physical RAM: 6029.72 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B05CD80C)
Partition 1: (Not Active) - (Size=99.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=598.3 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\tesi\Desktop" je 19963 MB.
 
 
***** Startup Programs *****
 
 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="D:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

 
==================== End Of Log ==============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Vyskakování reklam atd.

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakování reklam atd.

#3 Příspěvek od lukas_t »

Teď už se mě zdá počítač v pohodě. Tímhle už jsem to dělal včera (po vložení příspěvku), tady je log:

Kód: Vybrat vše

# AdwCleaner v5.032 - Logfile created 02/02/2016 at 23:18:48
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : tesi - LUKÁŠ
# Running from : C:\Users\tesi\Desktop\adwcleaner_5.032.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Service KMSELDI

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\tesi\AppData\LocalLow\Tbccint

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\tesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\tesi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[!] Key Not Deleted : HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\Conduit
[!] Key Not Deleted : HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\WEBAPP
[!] Key Not Deleted : HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\AppDataLow\Toolbar
[!] Key Not Deleted : HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\AppDataLow\Software\BackgroundContainerV2
[!] Key Not Deleted : HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\AppDataLow\Software\Tbccint
[!] Key Not Deleted : HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\AppDataLow\Software\TbccintSearchScopes
[-] Value Deleted : HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [BackgroundContainerV2]

***** [ Web browsers ] *****

[-] [C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : spokojenypes.cz
[-] [C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : driver-finder.en.softonic.com
[-] [C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : montkovo.cz
[-] [C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : andrie.cz
[-] [C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : sportbild.de

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3115 bytes] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Vyskakování reklam atd.

#4 Příspěvek od Rudy »

Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakování reklam atd.

#5 Příspěvek od lukas_t »

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by tesi (administrator) on LUKÁŠ (03-02-2016 20:54:47)
Running from C:\Users\tesi\Desktop
Loaded Profiles: tesi & UpdatusUser (Available Profiles: tesi & UpdatusUser)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Etnoteam S.p.A) D:\IvecoPower\cdi.exe
() D:\IvecoPower\app\mysql\bin\mysqld.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\tesi\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2014-11-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2014-11-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-04-16] (ASUS)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445db2-168f-11e5-8268-6817293dffad} - "G:\AutoStarter.EXE" /NAME=RenaultTrucks
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445e19-168f-11e5-8268-6817293dffad} - "H:\cdi.exe" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2014-11-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2014-11-07] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{05AF8221-4B92-4C28-BC89-2894D6F071F8}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-46381495-113654929-558197678-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.cz/ig?hl=cs
CHR StartupUrls: Default -> "hxxp://www.igoogle.com/"
CHR Profile: C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Dokumenty Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Disk Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Vyhledávání Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Lumin - Best Document Viewer) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2015-06-13]
CHR Extension: (Tabulky Google) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Facebook) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmmhebkeocjpdjpmcmjcihakclgmcblb [2014-11-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-01-03]
CHR Extension: (Gmail) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-46381495-113654929-558197678-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 Garmin Device Interaction Service; D:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 SDScannerService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-02-06] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-19] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 20:54 - 2016-02-03 20:55 - 00017840 _____ C:\Users\tesi\Desktop\FRST.txt
2016-02-03 20:54 - 2016-02-03 20:54 - 00029696 _____ C:\Users\tesi\AppData\Local\MSGBOX.EXE
2016-02-03 20:54 - 2016-02-03 20:54 - 00015327 _____ C:\Users\tesi\Desktop\LM.bat
2016-02-02 23:17 - 2016-02-02 23:18 - 00000000 ____D C:\AdwCleaner
2016-02-02 23:02 - 2016-02-03 20:54 - 00000000 ____D C:\FRST
2016-02-02 23:01 - 2016-02-02 23:01 - 00112640 _____ (forum.viry.cz) C:\Users\tesi\Downloads\FRSTLauncher.exe
2016-02-02 23:00 - 2016-02-02 23:02 - 00112640 _____ (forum.viry.cz) C:\Users\tesi\Desktop\FRSTLauncher.exe
2016-02-02 23:00 - 2016-02-02 23:00 - 02370560 _____ (Farbar) C:\Users\tesi\Desktop\FRST64.exe
2016-02-02 22:34 - 2016-02-02 22:34 - 00002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-02 22:34 - 2016-02-02 22:34 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-02 20:47 - 2016-02-02 20:47 - 00000000 ____D C:\Users\tesi\AppData\Roaming\iSkysoft
2016-02-02 20:46 - 2016-02-02 20:46 - 00000000 ____D C:\ProgramData\wondershare
2016-02-02 20:46 - 2016-02-02 20:46 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-02-02 20:46 - 2015-02-27 10:35 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2016-02-02 20:44 - 2016-02-02 20:45 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2016-02-02 20:02 - 2016-02-02 20:08 - 00000000 ____D C:\Users\tesi\AppData\Local\iWesoft
2016-02-02 20:02 - 2016-02-02 20:07 - 00000000 ____D C:\Users\tesi\Documents\WePDFWatermarkRemover Output
2016-02-02 20:02 - 2016-02-02 20:02 - 00000000 ____D C:\Users\tesi\AppData\Roaming\iWesoft
2016-02-02 19:49 - 2016-02-02 20:16 - 00000000 ____D C:\ProgramData\pdf-watermark-remover-wm
2016-02-02 19:41 - 2016-02-02 21:19 - 00000000 ____D C:\Users\tesi\Desktop\veronika
2016-02-02 19:14 - 2016-02-02 19:14 - 00000862 _____ C:\Users\tesi\Desktop\Iveco Power.lnk
2016-02-02 09:45 - 2016-02-02 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-26 22:56 - 2016-01-26 22:59 - 00000000 ____D C:\Users\tesi\Desktop\Man_Mantis_12.2014
2016-01-26 14:43 - 2016-01-26 14:43 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-25 20:12 - 2016-01-25 20:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-11 23:01 - 2016-01-11 23:01 - 00558451 _____ C:\Users\tesi\Desktop\vizitka.psd
2016-01-11 18:56 - 2016-01-11 18:56 - 00236147 _____ C:\Users\tesi\Documents\Registrace.pdf
2016-01-11 18:55 - 2016-01-11 18:58 - 00231047 _____ C:\Users\tesi\Documents\Vývoj objednávek.pdf
2016-01-11 18:52 - 2016-01-11 18:52 - 00230946 _____ C:\Users\tesi\Documents\objednavky.pdf
2016-01-11 17:15 - 2016-01-11 17:15 - 00162950 _____ C:\Users\tesi\Documents\vypinat.pdf
2016-01-09 14:56 - 2016-01-11 18:44 - 00230836 _____ C:\Users\tesi\Documents\PROJEKT.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 20:37 - 2014-11-07 12:47 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-03 17:10 - 2013-08-21 18:42 - 00000000 ____D C:\Users\tesi\AppData\Local\Packages
2016-02-03 12:11 - 2016-01-02 17:29 - 00004942 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lukáš-tesi Lukáš
2016-02-03 10:37 - 2014-11-07 12:47 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-03 10:24 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-03 09:24 - 2014-11-07 12:00 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-46381495-113654929-558197678-1001
2016-02-02 23:18 - 2014-11-07 11:49 - 00000979 _____ C:\Users\tesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-02 22:33 - 2014-11-07 12:47 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-02 22:29 - 2013-08-22 15:44 - 05099824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-02 22:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-02 22:07 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-02 22:06 - 2014-11-07 16:37 - 00000000 ____D C:\Users\tesi\AppData\Local\CrashDumps
2016-02-02 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\addins
2016-02-02 21:00 - 2014-11-07 15:36 - 00000000 ____D C:\Users\tesi\AppData\Roaming\uTorrent
2016-02-02 20:43 - 2014-11-07 13:04 - 00000000 ____D C:\ProgramData\Adobe
2016-02-02 20:34 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-02 20:25 - 2014-11-07 16:34 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-02 20:08 - 2015-01-25 21:31 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-02 10:32 - 2014-11-07 12:47 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 10:32 - 2014-11-07 12:47 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 09:46 - 2015-12-27 22:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 09:45 - 2015-12-27 22:47 - 00001683 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-02-02 09:45 - 2015-12-27 22:46 - 00003554 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-01-31 15:33 - 2015-07-06 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-01-28 13:07 - 2013-08-22 13:17 - 00000000 ____D C:\Users\tesi\Documents\Scanned Documents
2016-01-26 22:55 - 2013-09-20 19:56 - 00000000 ____D C:\Users\tesi\Desktop\Škola
2016-01-25 20:44 - 2014-11-07 15:18 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-01-25 20:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-01-20 13:00 - 2014-11-07 12:46 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-01-20 13:00 - 2014-11-07 12:46 - 00000000 ____D C:\WINDOWS\system32\NV
2016-01-17 15:56 - 2013-09-30 05:20 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-17 15:56 - 2013-09-30 04:57 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2016-01-17 15:56 - 2013-09-30 04:57 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2016-01-13 15:41 - 2015-11-07 01:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 15:41 - 2014-12-26 08:48 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-10 09:30 - 2014-11-07 12:46 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-05 14:36 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-05 14:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2015-03-22 11:51 - 2015-03-22 12:49 - 0000132 _____ () C:\Users\tesi\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2015-12-31 17:26 - 2015-12-31 17:27 - 0001013 _____ () C:\Users\tesi\AppData\Roaming\burnaware.ini
2014-11-26 22:32 - 2016-01-02 18:37 - 0000600 _____ () C:\Users\tesi\AppData\Roaming\winscp.rnd
2016-02-03 20:54 - 2016-02-03 20:54 - 0029696 _____ () C:\Users\tesi\AppData\Local\MSGBOX.EXE
2015-10-11 16:31 - 2015-10-11 16:31 - 0000770 _____ () C:\Users\tesi\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\tesi\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-25 19:25

==================== End of FRST.txt ============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Vyskakování reklam atd.

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445db2-168f-11e5-8268-6817293dffad} - "G:\AutoStarter.EXE" /NAME=RenaultTrucks
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445e19-168f-11e5-8268-6817293dffad} - "H:\cdi.exe"
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-46381495-113654929-558197678-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
CHR Extension: (Facebook) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmmhebkeocjpdjpmcmjcihakclgmcblb [2014-11-07]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tesi\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakování reklam atd.

#7 Příspěvek od lukas_t »

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by tesi (2016-02-03 22:32:44) Run:1
Running from C:\Users\tesi\Desktop
Loaded Profiles: tesi & UpdatusUser (Available Profiles: tesi & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445db2-168f-11e5-8268-6817293dffad} - "G:\AutoStarter.EXE" /NAME=RenaultTrucks
HKU\S-1-5-21-46381495-113654929-558197678-1001\...\MountPoints2: {68445e19-168f-11e5-8268-6817293dffad} - "H:\cdi.exe" 
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-46381495-113654929-558197678-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
CHR Extension: (Facebook) - C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmmhebkeocjpdjpmcmjcihakclgmcblb [2014-11-07]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tesi\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-46381495-113654929-558197678-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-46381495-113654929-558197678-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68445db2-168f-11e5-8268-6817293dffad}" => key removed successfully
HKCR\CLSID\{68445db2-168f-11e5-8268-6817293dffad} => key not found. 
"HKU\S-1-5-21-46381495-113654929-558197678-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68445e19-168f-11e5-8268-6817293dffad}" => key removed successfully
HKCR\CLSID\{68445e19-168f-11e5-8268-6817293dffad} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-46381495-113654929-558197678-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => key removed successfully
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found. 
C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmmhebkeocjpdjpmcmjcihakclgmcblb => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully

"C:\Users\tesi\AppData\Local\Temp" folder move:

Could not move "C:\Users\tesi\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-03 22:34:14)

C:\Users\tesi\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:34:15 ====
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Vyskakování reklam atd.

#8 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakování reklam atd.

#9 Příspěvek od lukas_t »

Děkuji za pomoc! Za celou dobu nic, ale zrovna, než jsem sem šel napsat příspěvek, vyskočila mi opět po běžném kliknutí na inzerát na bazoši reklama na nějaké americké millions... :(
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Vyskakování reklam atd.

#10 Příspěvek od Rudy »

Zkuste ještě tato skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakování reklam atd.

#11 Příspěvek od lukas_t »

ZOEK:

Kód: Vybrat vše

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by tesi on źt 04. 02. 2016 at 20:53:44,94.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\tesi\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

4. 2. 2016 20:54:42 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\Users\tesi\AppData\Local\CrashDumps deleted successfully
C:\Users\tesi\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\tesi\AppData\Local\EmieSiteList deleted successfully
C:\Users\tesi\AppData\Local\EmieUserList deleted successfully
C:\Users\tesi\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Wondershare deleted
C:\Users\tesi\AppData\Roaming\burnaware.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\tesi\AppData\LocalLow\Unity deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\BS_Player_ControlBar_B deleted
C:\windows\SysNative\GroupPolicy\User deleted
"C:\PROGRA~3\Isolated Storage\{6D006200-5200-6F00-5700-6F0061003900}" deleted
"C:\PROGRA~3\Isolated Storage" deleted

==== Orphaned Tasks deleted from Registry ======================

GoogleUpdateTaskMachineCore deleted
GoogleUpdateTaskMachineUA deleted

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Lumin PDF - tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl
Checker Plus for Gmail™ - tesi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tesi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tesi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tesi\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\tesi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\tesi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=97 folders=27 97658793 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tesi\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\tesi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted

==== EOF on źt 04. 02. 2016 at 21:07:37,62 ======================
Nahoru
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakování reklam atd.

#12 Příspěvek od lukas_t »

JRT:

Kód: Vybrat vše

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64 
Ran by tesi (Administrator) on źt 04. 02. 2016 at 21:12:24,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 04. 02. 2016 at 21:14:11,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Vyskakování reklam atd.

#13 Příspěvek od Rudy »

Změnilo se něco nyní?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
lukas_t
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 16 dub 2009 18:08

Re: Vyskakování reklam atd.

#14 Příspěvek od lukas_t »

Po tom prvním pročištění včera se omezilo vyskakování na jednu dvě za den. Otestuji a případně dám vědět, pokud by se objevovali dál. Každopádně Vám děkuji za pomoc a velmi si vážím toho, kolik času jste obětoval k řešení mého problémů.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119673
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Vyskakování reklam atd.

#15 Příspěvek od Rudy »

OK. Pak se ozvěte. :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“