Facebook SPAM - prosím o kontrolu

[mikkie]

Dobrý den,

chtěl bych poprosit o pomoc a kontrolu logu. Jedná se o FB spam s pornem, a nedokáži se toho sám zbavit. Přikládám log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Nada (administrator) on NADA-PC (14-03-2016 12:36:19)
Running from C:\Users\Nada\Desktop
Loaded Profiles: Nada (Available Profiles: Nada)
Platform: Windows 8.1 Connected (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Nada\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Samsung Appstore] => C:\Users\Nada\AppData\Roaming\Mozila\autoit.exe [934400 2016-03-08] (AutoIt Team)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-19] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6E5A4AC0-FDFE-437D-9F91-08ED351CA1FF}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8D836E76-BFBF-4D5B-98C8-93B1A8CA35C2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={2800D097-B4F9-48C0-B156-DCC9B6B9623A}&mid=bc2ad292f48b47cda1dc0982ccc252cf-68697508040668318d9d022bd3a6f6170aa796f1&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 05:07:14&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {39C43AF2-84D9-462F-8814-D5D9A06262C6} URL =
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2800D097-B4F9-48C0-B156-DCC9B6B9623A}&mid=bc2ad292f48b47cda1dc0982ccc252cf-68697508040668318d9d022bd3a6f6170aa796f1&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-05-06 05:07:14&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-19] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-19] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-22]

Chrome:
=======
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.cz/"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.google.cz/images/branding/product/i ... g_lodp.ico
CHR DefaultSearchKeyword: Profile 1 -> https://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Dokumenty Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Disk Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Heartbleed Search) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicaihgfofmggmmbdoaccgaelpfmdiph [2015-08-30]
CHR Extension: (YouTube) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (AVG Secure Search) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-01-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast SafePrice) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (Tabulky Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (ipRE999e) - C:\Users\Nada\AppData\Roaming\Mozila [2016-03-08]
CHR Profile: C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Dokumenty Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-12]
CHR Extension: (Disk Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-12]
CHR Extension: (YouTube) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-12]
CHR Extension: (Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbkpdmnjjnoecjoplgjofdbekmmkldhb [2016-03-12]
CHR Extension: (Vyhledávání Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-12]
CHR Extension: (Tabulky Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-12]
CHR Extension: (Skype) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-12]
CHR Extension: (www.seznam.cz) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llbjemicmpmdlpnoehnmoaoajimdchnm [2016-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-12]
CHR Extension: (Gmail) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-12]
CHR Extension: (ipRE999e) - C:\Users\Nada\AppData\Roaming\Mozila [2016-03-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-19] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-19] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-10] ()
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 12:36 - 2016-03-14 12:36 - 00018666 _____ C:\Users\Nada\Desktop\FRST.txt
2016-03-14 12:35 - 2016-03-14 12:36 - 00000000 ____D C:\FRST
2016-03-14 12:32 - 2016-03-14 12:00 - 00112640 ____N (forum.viry.cz) C:\Users\Nada\Desktop\FRSTLauncher.exe
2016-03-14 12:08 - 2016-03-14 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Nada\Desktop\trz2A3D.tmp
2016-03-14 12:02 - 2016-03-14 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Nada\Desktop\trzB28.tmp
2016-03-14 11:55 - 2016-03-14 11:55 - 02374144 _____ (Farbar) C:\Users\Nada\Desktop\FRST64.exe
2016-03-12 22:37 - 2016-03-12 22:38 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2016-03-10 09:34 - 2016-03-10 09:34 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-03-10 09:24 - 2016-03-10 09:24 - 00000000 _____ C:\autoexec.bat
2016-03-08 20:40 - 2016-02-20 16:45 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-08 20:40 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-08 20:40 - 2016-02-05 20:06 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-08 20:40 - 2016-01-06 19:25 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-03-08 20:40 - 2015-12-30 22:53 - 02017624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-03-08 20:39 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-03-08 20:39 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-03-08 20:39 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-03-08 20:39 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2016-03-08 20:39 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-03-08 20:39 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-03-08 20:39 - 2016-02-08 21:07 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-03-08 20:39 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-03-08 20:39 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-03-08 20:39 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-03-08 20:39 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-03-08 20:39 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-03-08 20:39 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-03-08 20:39 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-03-08 20:39 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-08 20:39 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-08 20:39 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-08 20:39 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2016-03-08 20:39 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-08 20:39 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-08 20:39 - 2016-02-08 18:42 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-03-08 20:39 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-08 20:39 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-08 20:39 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-08 20:39 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-08 20:39 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-08 20:39 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2016-03-08 20:39 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-08 20:39 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-08 20:38 - 2016-01-24 19:19 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-03-08 20:38 - 2016-01-24 19:19 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-03-08 20:38 - 2016-01-24 19:19 - 00331608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2016-03-08 20:38 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2016-03-08 20:38 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2016-03-08 20:38 - 2016-01-09 02:38 - 00091992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-03-08 20:37 - 2016-02-11 15:21 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:21 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:20 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:20 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-03-08 20:37 - 2016-02-05 15:59 - 07784960 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-03-08 20:37 - 2016-02-05 15:55 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 20:37 - 2016-02-05 15:48 - 07075840 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-03-08 20:37 - 2016-02-05 15:47 - 05268480 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-03-08 20:37 - 2016-01-09 02:49 - 00218448 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2016-03-08 20:37 - 2016-01-09 02:49 - 00192120 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2016-03-08 20:36 - 2016-02-06 17:58 - 00987648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-08 20:36 - 2016-02-06 17:32 - 00801792 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-03-08 20:36 - 2016-01-07 00:46 - 00148752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2016-03-08 20:36 - 2016-01-07 00:45 - 00177712 _____ (Microsoft Corporation) C:\windows\system32\wscapi.dll
2016-03-08 20:36 - 2016-01-06 17:47 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2016-03-08 20:35 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-08 20:35 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-08 20:35 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-08 20:35 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-08 20:35 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-08 20:35 - 2016-02-03 21:37 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-03-08 20:35 - 2016-02-03 21:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-03-08 20:35 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-03-08 20:34 - 2016-01-10 17:41 - 01707008 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-03-08 20:34 - 2016-01-10 17:31 - 01344512 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-03-08 20:34 - 2015-11-19 15:33 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-03-08 20:34 - 2015-11-19 15:26 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-03-08 20:33 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-08 20:33 - 2015-12-30 21:49 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-03-08 20:32 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\windows\system32\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-08 20:32 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-03-08 20:32 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-08 20:31 - 2016-02-04 19:18 - 04174336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-08 20:31 - 2016-02-04 19:18 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-08 20:31 - 2016-02-04 19:12 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-08 20:31 - 2016-02-04 18:44 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-03-08 20:31 - 2016-02-04 18:39 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-03-08 20:30 - 2015-12-20 15:57 - 00839168 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-03-08 20:30 - 2015-12-20 15:56 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2016-03-08 20:30 - 2015-12-20 15:43 - 00696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-03-08 20:29 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-08 20:29 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-03-08 20:29 - 2016-01-15 17:56 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-03-08 20:29 - 2016-01-15 17:45 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-03-08 20:29 - 2016-01-05 16:00 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-03-08 11:38 - 2016-03-08 11:38 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Mozila
2016-02-22 17:37 - 2015-07-19 10:24 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-02-14 16:11 - 2016-02-14 16:11 - 00004608 ___SH C:\Users\Nada\Desktop\Thumbs.db

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 12:35 - 2015-02-02 16:46 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 12:27 - 2015-02-02 17:10 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Skype
2016-03-14 12:22 - 2015-01-31 03:57 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-311984320-3021778478-3963052507-1002
2016-03-14 12:14 - 2014-11-27 02:09 - 01714228 _____ C:\windows\SysWOW64\rootpa.e2e
2016-03-14 12:13 - 2015-02-02 16:46 - 00000972 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 12:11 - 2015-01-31 03:51 - 00000000 ____D C:\Users\Nada
2016-03-14 12:11 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-14 11:58 - 2015-01-31 03:58 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CE3410BC-F0FD-4B1D-AE2B-AD1BCAA0187B}
2016-03-14 11:56 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2016-03-14 11:53 - 2014-11-27 02:56 - 00738666 _____ C:\windows\system32\perfh005.dat
2016-03-14 11:53 - 2014-11-27 02:56 - 00151408 _____ C:\windows\system32\perfc005.dat
2016-03-14 11:53 - 2014-03-18 10:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-14 11:53 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-03-13 07:38 - 2015-02-02 16:46 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 07:38 - 2015-02-02 16:46 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-12 22:21 - 2015-06-03 20:02 - 00000000 ____D C:\Users\Nada\AppData\Local\CrashDumps
2016-03-12 22:18 - 2015-07-19 10:25 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-12 20:14 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2016-03-11 06:43 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-03-11 06:36 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-03-10 10:43 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-03-10 07:24 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 05:18 - 2013-08-22 15:44 - 00346656 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-08 21:49 - 2015-04-16 11:20 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 21:20 - 2015-02-03 08:51 - 00000000 ____D C:\windows\system32\MRT
2016-03-08 21:13 - 2015-02-03 08:51 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-01 05:26 - 2015-02-02 17:09 - 00000000 ____D C:\ProgramData\Skype
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\system32\GWX
2016-02-22 17:37 - 2015-07-19 10:25 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-22 17:34 - 2015-12-04 10:56 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-02-22 17:29 - 2013-08-22 16:36 - 00000000 ____D C:\windows\registration

==================== Files in the root of some directories =======

2015-02-02 16:44 - 2015-03-04 05:10 - 0000028 _____ () C:\Users\Nada\AppData\Roaming\msfsxau.dat
2015-02-02 16:44 - 2015-02-02 16:44 - 0008989 _____ () C:\Users\Nada\AppData\Roaming\mstlnagk.dat
2014-11-27 02:07 - 2014-11-27 02:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Nada\AppData\Local\Temp\COMAP.EXE
C:\Users\Nada\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Nada\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Nada\AppData\Local\Temp\oct1568.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct1B0D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2688.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2D49.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct408D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct5444.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct7774.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct77F6.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct787E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct88DE.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct94F9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octAA50.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA69.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA8B.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBBB9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBCD1.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octDFC2.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE0D8.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE484.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octF38E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octFEC5.tmp.exe
C:\Users\Nada\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nada\AppData\Local\Temp\{FB3D6387-11F3-4AC6-B1BB-3011E8FD1786}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Nada\Desktop" je 5324 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[mikkie]

Děkuji. Přikládám LOG:


# AdwCleaner v5.102 - Logfile created 14/03/2016 at 19:27:40
# Updated 13/03/2016 by Xplode
# Database : 2016-03-13.2 [Local]
# Operating system : Windows 8.1 Connected (x64)
# Username : Nada - NADA-PC
# Running from : C:\Users\Nada\Desktop\adwcleaner_5.102.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Amazon\ABB
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\Nada\AppData\Roaming\Mozila

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Samsung Appstore]
[#] Value Deleted : HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Windows\CurrentVersion\Run [Samsung Appstore]
[-] Value Deleted : HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Samsung Appstore]
[-] Key Deleted : HKCU\Software\Classes\pokki

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2967 bytes] - [14/03/2016 19:27:40]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [3783 bytes] - [14/03/2016 19:25:33]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [3153 bytes] ##########

[Rudy]

Dejte nový log FRST.

[mikkie]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Nada (administrator) on NADA-PC (14-03-2016 20:40:35)
Running from C:\Users\Nada\Desktop
Loaded Profiles: Nada (Available Profiles: Nada)
Platform: Windows 8.1 Connected (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(forum.viry.cz) C:\Users\Nada\AppData\Local\Microsoft\Windows\INetCache\IE\3000IKCD\FRSTLauncher[1].exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-14] (AVAST Software)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-14] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6E5A4AC0-FDFE-437D-9F91-08ED351CA1FF}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8D836E76-BFBF-4D5B-98C8-93B1A8CA35C2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {39C43AF2-84D9-462F-8814-D5D9A06262C6} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-14] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-14] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.cz/"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.google.cz/images/branding/product/i ... g_lodp.ico
CHR DefaultSearchKeyword: Profile 1 -> https://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Dokumenty Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Disk Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Heartbleed Search) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicaihgfofmggmmbdoaccgaelpfmdiph [2015-08-30]
CHR Extension: (YouTube) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast SafePrice) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (Tabulky Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Dokumenty Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-12]
CHR Extension: (Disk Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-12]
CHR Extension: (YouTube) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-12]
CHR Extension: (Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbkpdmnjjnoecjoplgjofdbekmmkldhb [2016-03-12]
CHR Extension: (Vyhledávání Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-12]
CHR Extension: (Tabulky Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-12]
CHR Extension: (Skype) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-12]
CHR Extension: (www.seznam.cz) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llbjemicmpmdlpnoehnmoaoajimdchnm [2016-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-12]
CHR Extension: (Gmail) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-14] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-14] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-10] ()
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 20:40 - 2016-03-14 20:41 - 00000000 _____ C:\Users\Nada\Desktop\FRSTLauncher.exe
2016-03-14 19:44 - 2016-03-14 19:44 - 00003046 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1457981086
2016-03-14 19:44 - 2016-03-14 19:44 - 00001064 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-14 19:44 - 2016-03-14 19:44 - 00001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-14 19:38 - 2016-03-14 19:37 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-03-14 19:37 - 2016-03-14 19:37 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-03-14 19:37 - 2016-03-14 19:37 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-03-14 19:36 - 2016-03-14 19:36 - 00880208 _____ (Google Inc.) C:\Users\Nada\Desktop\ChromeSetup (1).exe
2016-03-14 19:34 - 2016-03-14 20:41 - 00000050 _____ C:\Users\Nada\Desktop\AdwCleaner[C2].txt
2016-03-14 19:30 - 2016-03-14 19:30 - 00003268 _____ C:\Users\Nada\Desktop\AdwCleaner[C1].txt
2016-03-14 19:25 - 2016-03-14 19:32 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-14 12:42 - 2016-03-14 12:42 - 22908888 _____ (Malwarebytes ) C:\Users\Nada\Desktop\mbam-setup-2.2.0.1024.exe
2016-03-14 12:41 - 2016-03-14 12:41 - 00522240 _____ (OldTimer Tools) C:\Users\Nada\Desktop\OTM.exe
2016-03-14 12:40 - 2016-03-14 12:40 - 01527296 _____ C:\Users\Nada\Desktop\adwcleaner_5.102.exe
2016-03-14 12:36 - 2016-03-14 20:40 - 00017363 _____ C:\Users\Nada\Desktop\FRST.txt
2016-03-14 12:35 - 2016-03-14 12:36 - 00000000 ____D C:\FRST
2016-03-14 12:08 - 2016-03-14 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Nada\Desktop\trz2A3D.tmp
2016-03-14 12:02 - 2016-03-14 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Nada\Desktop\trzB28.tmp
2016-03-14 11:55 - 2016-03-14 11:55 - 02374144 _____ (Farbar) C:\Users\Nada\Desktop\FRST64.exe
2016-03-12 22:37 - 2016-03-12 22:38 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2016-03-10 09:34 - 2016-03-10 09:34 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-03-10 09:24 - 2016-03-10 09:24 - 00000000 _____ C:\autoexec.bat
2016-03-08 20:40 - 2016-02-20 16:45 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-08 20:40 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-08 20:40 - 2016-02-05 20:06 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-08 20:40 - 2016-01-06 19:25 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-03-08 20:40 - 2015-12-30 22:53 - 02017624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-03-08 20:39 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-03-08 20:39 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-03-08 20:39 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-03-08 20:39 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2016-03-08 20:39 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-03-08 20:39 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-03-08 20:39 - 2016-02-08 21:07 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-03-08 20:39 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-03-08 20:39 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-03-08 20:39 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-03-08 20:39 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-03-08 20:39 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-03-08 20:39 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-03-08 20:39 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-03-08 20:39 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-08 20:39 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-08 20:39 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-08 20:39 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2016-03-08 20:39 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-08 20:39 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-08 20:39 - 2016-02-08 18:42 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-03-08 20:39 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-08 20:39 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-08 20:39 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-08 20:39 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-08 20:39 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-08 20:39 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2016-03-08 20:39 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-08 20:39 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-08 20:38 - 2016-01-24 19:19 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-03-08 20:38 - 2016-01-24 19:19 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-03-08 20:38 - 2016-01-24 19:19 - 00331608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2016-03-08 20:38 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2016-03-08 20:38 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2016-03-08 20:38 - 2016-01-09 02:38 - 00091992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-03-08 20:37 - 2016-02-11 15:21 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:21 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:20 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:20 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-03-08 20:37 - 2016-02-05 15:59 - 07784960 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-03-08 20:37 - 2016-02-05 15:55 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 20:37 - 2016-02-05 15:48 - 07075840 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-03-08 20:37 - 2016-02-05 15:47 - 05268480 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-03-08 20:37 - 2016-01-09 02:49 - 00218448 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2016-03-08 20:37 - 2016-01-09 02:49 - 00192120 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2016-03-08 20:36 - 2016-02-06 17:58 - 00987648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-08 20:36 - 2016-02-06 17:32 - 00801792 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-03-08 20:36 - 2016-01-07 00:46 - 00148752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2016-03-08 20:36 - 2016-01-07 00:45 - 00177712 _____ (Microsoft Corporation) C:\windows\system32\wscapi.dll
2016-03-08 20:36 - 2016-01-06 17:47 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2016-03-08 20:35 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-08 20:35 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-08 20:35 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-08 20:35 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-08 20:35 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-08 20:35 - 2016-02-03 21:37 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-03-08 20:35 - 2016-02-03 21:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-03-08 20:35 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-03-08 20:34 - 2016-01-10 17:41 - 01707008 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-03-08 20:34 - 2016-01-10 17:31 - 01344512 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-03-08 20:34 - 2015-11-19 15:33 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-03-08 20:34 - 2015-11-19 15:26 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-03-08 20:33 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-08 20:33 - 2015-12-30 21:49 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-03-08 20:32 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\windows\system32\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-08 20:32 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-03-08 20:32 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-08 20:31 - 2016-02-04 19:18 - 04174336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-08 20:31 - 2016-02-04 19:18 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-08 20:31 - 2016-02-04 19:12 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-08 20:31 - 2016-02-04 18:44 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-03-08 20:31 - 2016-02-04 18:39 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-03-08 20:30 - 2015-12-20 15:57 - 00839168 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-03-08 20:30 - 2015-12-20 15:56 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2016-03-08 20:30 - 2015-12-20 15:43 - 00696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-03-08 20:29 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-08 20:29 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-03-08 20:29 - 2016-01-15 17:56 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-03-08 20:29 - 2016-01-15 17:45 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-03-08 20:29 - 2016-01-05 16:00 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-02-14 16:11 - 2016-02-14 16:11 - 00004608 ___SH C:\Users\Nada\Desktop\Thumbs.db

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 20:35 - 2015-02-02 16:46 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 20:22 - 2015-01-31 03:57 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-311984320-3021778478-3963052507-1002
2016-03-14 19:45 - 2015-02-02 17:10 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Skype
2016-03-14 19:45 - 2014-11-27 02:09 - 01810956 _____ C:\windows\SysWOW64\rootpa.e2e
2016-03-14 19:44 - 2015-02-02 16:46 - 00000972 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 19:44 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-14 19:38 - 2015-07-19 10:25 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-03-14 19:38 - 2015-07-19 10:25 - 00463744 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-03-14 19:38 - 2015-07-19 10:25 - 00287016 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-03-14 19:38 - 2015-07-19 10:25 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2016-03-14 19:38 - 2015-07-19 10:25 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-14 19:38 - 2015-02-02 16:46 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 19:38 - 2015-02-02 16:46 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-14 19:38 - 2015-01-31 03:58 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CE3410BC-F0FD-4B1D-AE2B-AD1BCAA0187B}
2016-03-14 19:38 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-03-14 19:37 - 2015-07-19 10:25 - 00165344 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-03-14 19:37 - 2015-07-19 10:25 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-03-14 19:37 - 2015-07-19 10:25 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-03-14 19:37 - 2015-07-19 10:25 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-03-14 19:37 - 2015-07-19 10:22 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-14 19:37 - 2015-07-19 10:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-14 19:28 - 2015-01-31 03:51 - 00000000 ____D C:\Users\Nada
2016-03-14 19:27 - 2014-11-27 02:20 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-03-14 11:56 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2016-03-14 11:53 - 2014-11-27 02:56 - 00738666 _____ C:\windows\system32\perfh005.dat
2016-03-14 11:53 - 2014-11-27 02:56 - 00151408 _____ C:\windows\system32\perfc005.dat
2016-03-14 11:53 - 2014-03-18 10:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-12 22:21 - 2015-06-03 20:02 - 00000000 ____D C:\Users\Nada\AppData\Local\CrashDumps
2016-03-12 20:14 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2016-03-11 06:43 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-03-11 06:36 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-03-10 10:43 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-03-10 07:24 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 05:18 - 2013-08-22 15:44 - 00346656 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-08 21:49 - 2015-04-16 11:20 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 21:20 - 2015-02-03 08:51 - 00000000 ____D C:\windows\system32\MRT
2016-03-08 21:13 - 2015-02-03 08:51 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-01 05:26 - 2015-02-02 17:09 - 00000000 ____D C:\ProgramData\Skype
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\system32\GWX
2016-02-22 17:37 - 2015-07-19 10:25 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-22 17:34 - 2015-12-04 10:56 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-02-22 17:29 - 2013-08-22 16:36 - 00000000 ____D C:\windows\registration

==================== Files in the root of some directories =======

2015-02-02 16:44 - 2015-03-04 05:10 - 0000028 _____ () C:\Users\Nada\AppData\Roaming\msfsxau.dat
2015-02-02 16:44 - 2015-02-02 16:44 - 0008989 _____ () C:\Users\Nada\AppData\Roaming\mstlnagk.dat
2014-11-27 02:07 - 2014-11-27 02:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Nada\AppData\Local\Temp\COMAP.EXE
C:\Users\Nada\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Nada\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Nada\AppData\Local\Temp\oct1568.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct1B0D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2688.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2D49.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct408D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct5444.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct7774.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct77F6.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct787E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct88DE.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct94F9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octAA50.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA69.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA8B.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBBB9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBCD1.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octDFC2.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE0D8.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE484.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octF38E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octFEC5.tmp.exe
C:\Users\Nada\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nada\AppData\Local\Temp\sqlite3.dll
C:\Users\Nada\AppData\Local\Temp\{FB3D6387-11F3-4AC6-B1BB-3011E8FD1786}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Nada\Desktop" je 5349 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {39C43AF2-84D9-462F-8814-D5D9A06262C6} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR DefaultSearchKeyword: Profile 1 -> https://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\Nada\AppData\Local\Temp
AlternateDataStreams: C:\Windows:nlsPreferences [386]
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Z logu:

Velikost slozky "C:\Users\Nada\Desktop" je 5349 MB.

To je příliš mnoho a může to způsobovat zpomalení startu. Udělejte v C:\Users\Nada novou složku, do ni přesuňte všechna data z plochy (kromě zástupců) a na plochu si dejte pro snazší přístup zástupce té složky.

[mikkie]

Ty data na ploště jsou dočasné fotografie.. Jen jsem došel k poznatku,jelikož mám teď PC k netu připojené přes USB Tethering, tak mi najednou vyskočili viry na FB i v mobilu, aniž bych cokoliv dělal.


LOG z fixit


Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Nada (2016-03-14 21:00:30) Run:1
Running from C:\Users\Nada\Desktop
Loaded Profiles: Nada (Available Profiles: Nada)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {39C43AF2-84D9-462F-8814-D5D9A06262C6} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR DefaultSearchKeyword: Profile 1 -> https://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\ProgramData\DP45977C.lfl
C:\Users\Nada\AppData\Local\Temp
AlternateDataStreams: C:\Windows:nlsPreferences [386]
End

*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-311984320-3021778478-3963052507-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-311984320-3021778478-3963052507-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39C43AF2-84D9-462F-8814-D5D9A06262C6}" => key removed successfully
HKCR\CLSID\{39C43AF2-84D9-462F-8814-D5D9A06262C6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
Chrome HomePage => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
c2cautoupdatesvc => Unable to stop service.
c2cautoupdatesvc => service removed successfully
c2cpnrsvc => Unable to stop service.
c2cpnrsvc => service removed successfully
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Nada\AppData\Local\Temp" folder move:

Could not move "C:\Users\Nada\AppData\Local\Temp" => Scheduled to move on reboot.

C:\Windows => ":nlsPreferences" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-14 21:03:17)

C:\Users\Nada\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:03:17 ====

[Rudy]

Nevadí, co je to za data, je jich ale moc. Plocha je otevřený adresář, který se při startu kompletně načítá. Čím více je tam dat, tím déle to trvá. Jinak smazáno. Nastala nějaká změna?

[mikkie]

Zřejmě mi to nějakým způsobem zavirovává síť, jelikož i dalšímu členovi rodiny, začali na androidu vyskakovat chyby FB

[Rudy]

Účet na FB přeheslujte a udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[mikkie]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14. 3. 2016
Čas skenování: 21:17
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.03.14.06
Databáze rootkitů: v2016.03.12.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Nada

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 345464
Uplynulý čas: 11 min, 37 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
PUP.Optional.HistoryTool, C:\Users\Nada\AppData\Roaming\wld\iehv.exe, , [802e30572c6d1e18500c136f5fa2c53b],
PUP.Optional.Seznam, C:\$Recycle.Bin\S-1-5-21-311984320-3021778478-3963052507-1002\$R3AG336.exe, , [1d9165224b4e9c9ac766139e7d83847c],
Trojan.Agent.Trace, C:\Windows\Inf\ntvdm.inf, , [7c32cbbc9dfc191d34425bef8a7a5ea2],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Rudy]

Všechny nálezy smažte.

[mikkie]

Smazano, spustil jsem jeste jednou test a zatim nic nenasel.

[Rudy]

Takže vše OK?

[mikkie]

Projel jsem jeste jednou kompletni test mbam a nic nenaslo.. Zatim se vse tvari, ze je v poradku. Mockrat dekuji za Vaši pomoc.