
PC virus removal, computer speed-up, and remote help via the neslape.cz service
Sending spam - Facebook
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi, please check my log. Facebook is sending spam to my contacts, and the PC occasionally freezes while I'm working on the web (only a reset helps).
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015 02
Ran by Admin (administrator) on ADMIN-PC (07-10-2016 15:44:05)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Guest)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: "C:\Users\Admin\AppData\Roaming\mxnitro\MxNitro.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\st_rsser.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
() C:\Windows\System32\spool\drivers\w32x86\3\usp01pi.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Telegram Messenger LLP) C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [5321448 2016-04-09] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5560040 2016-04-09] (Crawler Group, LLC)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\Run: [Samsung Appstore] => C:\Users\Admin\AppData\Roaming\Mozila\autoit.exe [934400 2016-03-03] (AutoIt Team)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {10739d94-d791-11dd-8ef9-806e6f6e6963} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {4d20bea3-2303-11e6-aed8-0021861c7da4} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.122.0.1 10.122.0.3
Tcpip\..\Interfaces\{9C2AA485-A9C4-4BB7-8011-A211EF514387}: [DhcpNameServer] 10.122.0.1 10.122.0.3
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2812501099-2658016741-2431437663-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2812501099-2658016741-2431437663-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-30] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zg6t03q.default
FF NewTab: hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0317__yaff
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.seznam.cz/
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "198.71.82.108"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "198.71.82.108"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.71.82.108"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "198.71.82.108"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-25] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2812501099-2658016741-2431437663-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Extension: Firefox Hotfix - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zg6t03q.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-09-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-13] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-10]
CHR Extension: (Tabulky Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (vkkshgueg) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmeeleimkfmcglckilghepakdadiakc [2016-10-02]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR Extension: (ipRE999e) - C:\Users\Admin\AppData\Roaming\Mozila [2016-05-10]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [2116840 2016-04-09] (Crawler Group, LLC)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-30] (AVAST Software)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [191656 2010-01-08] (Intel Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [11296 2014-11-13] (Rsupport Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 15:39 - 2016-10-07 15:40 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2016-10-07 15:39 - 2016-10-07 15:39 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Downloads\Nepotvrzeno 535897.crdownload
2016-10-07 15:34 - 2016-10-07 15:34 - 01755136 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-10-06 20:45 - 2016-10-06 22:22 - 1552763820 _____ C:\Users\Admin\Downloads\zápas.zip
2016-10-06 10:17 - 2016-10-06 10:17 - 00154624 _____ C:\Users\Admin\Downloads\žádost o dotaci (1).xls
2016-10-06 10:16 - 2016-10-06 10:16 - 00173056 _____ C:\Users\Admin\Downloads\zadost_sa-22.xls
2016-10-06 10:15 - 2016-10-06 10:15 - 00208384 _____ C:\Users\Admin\Downloads\vyuct_vs-1.xls
2016-10-06 10:14 - 2016-10-06 10:14 - 00203776 _____ C:\Users\Admin\Downloads\zadost_scn.xls
2016-10-06 10:11 - 2016-10-06 10:11 - 00060416 _____ C:\Users\Admin\Downloads\prehled_prispevku_REG_2010_2016.xls
2016-10-06 10:07 - 2016-10-06 10:07 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1 (2).xls
2016-10-06 10:05 - 2016-10-06 10:05 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1.xls
2016-10-06 10:05 - 2016-10-06 10:05 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1 (1).xls
2016-10-06 09:58 - 2016-10-06 09:58 - 00154624 _____ C:\Users\Admin\Downloads\žádost o dotaci.xls
2016-10-06 08:51 - 2016-10-06 08:51 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016 (2).xlsx
2016-10-05 18:50 - 2016-10-05 18:50 - 00135464 _____ C:\Users\Admin\Downloads\Rozpis-MČR-ml.žáků-a-seniorů-Kladno-05112016.xlsx
2016-10-05 18:48 - 2016-10-05 18:48 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016 (1).xlsx
2016-09-25 18:52 - 2016-09-25 18:52 - 00000789 _____ C:\Windows\setupact.log
2016-09-25 18:52 - 2016-09-25 18:52 - 00000000 _____ C:\Windows\setuperr.log
2016-09-25 12:32 - 2016-09-28 08:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-23 07:57 - 2016-09-23 07:57 - 00048128 _____ C:\Users\Admin\Downloads\tabulka (2).xls
2016-09-23 07:56 - 2016-09-23 07:56 - 00352311 _____ C:\Users\Admin\Downloads\dokl_pro_riz_soutezi (1).zip
2016-09-23 07:54 - 2016-09-23 07:54 - 00516096 _____ C:\Users\Admin\Downloads\tvorba_rozpisu_soutezi.xls
2016-09-23 07:54 - 2016-09-23 07:54 - 00020992 _____ C:\Users\Admin\Downloads\predsestava_druzstva (2).xls
2016-09-22 03:00 - 2016-08-06 16:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-18 18:07 - 2016-09-18 18:07 - 00000346 _____ C:\Users\Admin\Downloads\ZL3CNbWYBbMyhDCivd4i21N8UneF2a9Zh2W3gCFrvlf9RyAXfcfX-DalfYFCMYVhf72Qx34
2016-09-17 03:04 - 2016-08-10 17:44 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-17 03:04 - 2016-08-10 17:43 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-17 03:04 - 2016-08-10 15:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-09-17 03:03 - 2016-08-12 20:56 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-17 03:03 - 2016-08-03 17:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-09-17 03:03 - 2016-08-03 16:21 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-17 03:03 - 2016-08-03 16:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-17 03:03 - 2016-08-03 16:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-17 03:02 - 2016-08-14 17:48 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-17 03:02 - 2016-08-14 16:21 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-17 03:01 - 2016-08-12 21:03 - 03610344 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-17 03:01 - 2016-08-12 21:03 - 03558120 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-17 03:01 - 2016-08-12 20:55 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-16 13:47 - 2016-09-07 18:54 - 12859392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-16 13:47 - 2016-09-07 18:53 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-16 13:47 - 2016-09-07 18:52 - 09731584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01831424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-16 13:47 - 2016-09-07 18:51 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-16 13:47 - 2016-09-07 18:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-16 13:47 - 2016-09-07 18:50 - 01789952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00420352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-09-16 13:47 - 2016-09-07 18:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-09-12 16:54 - 2016-09-12 16:25 - 62321873 _____ C:\Users\Admin\Desktop\Nábřeží_sportu_2016_zápas.mp4
2016-09-12 16:23 - 2016-09-12 16:25 - 62321873 _____ C:\Users\Admin\Downloads\Nábřeží_sportu_2016_zápas.mp4
2016-09-12 14:40 - 2016-09-12 14:40 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016.xlsx
2016-09-10 23:09 - 2016-09-10 23:09 - 00000000 ____D C:\Users\Admin\Desktop\Nová složka
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 15:44 - 2015-10-26 09:31 - 00016494 _____ C:\Users\Admin\Desktop\FRST.txt
2016-10-07 15:44 - 2015-10-26 09:30 - 00000000 ____D C:\FRST
2016-10-07 15:40 - 2016-07-16 08:24 - 00000000 ____D C:\Users\Admin\Desktop\Plocha
2016-10-07 14:51 - 2016-09-03 16:41 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-07 14:40 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-07 14:40 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-06 21:00 - 2016-07-16 18:50 - 00024284 _____ C:\Windows\system32\debug.log
2016-10-06 20:40 - 2016-05-09 15:43 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-10-06 07:23 - 2016-09-03 16:41 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-06 07:22 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-05 23:24 - 2014-11-03 18:06 - 01241639 _____ C:\Windows\WindowsUpdate.log
2016-10-05 23:24 - 2006-11-02 15:01 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-05 18:41 - 2014-11-11 11:35 - 00000000 ____D C:\Program Files\TeamViewer
2016-09-28 20:04 - 2009-04-13 11:21 - 01531394 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-28 08:28 - 2016-08-27 11:55 - 00089096 _____ C:\Windows\PFRO.log
2016-09-28 08:28 - 2014-11-06 13:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-28 08:28 - 2014-11-06 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-25 08:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2016-09-25 08:27 - 2014-11-06 13:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-09-25 08:27 - 2014-11-06 13:24 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-25 08:27 - 2014-11-06 13:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-25 08:27 - 2014-11-06 13:24 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-22 20:53 - 2015-09-16 11:10 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-09-19 15:34 - 2015-07-23 14:26 - 00000000 ____D C:\Users\Admin\Desktop\Zápas
2016-09-19 15:31 - 2014-11-06 13:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-09-17 03:35 - 2006-11-02 14:47 - 00440800 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-17 03:16 - 2014-11-20 19:22 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 03:05 - 2006-11-02 12:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-09-17 03:01 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-09-13 18:33 - 2015-09-16 11:10 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
==================== Files in the root of some directories =======
2009-01-01 01:26 - 2014-11-03 18:43 - 0000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-12-14 23:55 - 2016-06-27 09:45 - 0030720 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 14:28 - 2016-06-13 14:28 - 0002128 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-10-18 20:43 - 2015-10-18 20:43 - 0000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Admin\Downloads\VF150205_094128_flv_middle.avi:TOC.WMV
==================== Security Center ==================
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Admin\Desktop" je 14198 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Companion
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter
Režim ECHO je vypnut.
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Sending spam - Facebook
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Sending spam - Facebook
# AdwCleaner v6.021 - Log soubor vytvořen 07/10/2016 na 19:31:50
# Aktualizováno dne 06/10/2016 z ToolsLib
# Databáze : 2016-10-07.1 [Server]
# Operační systém : Windows Vista (TM) Business Service Pack 2 (X86)
# Uživatelské jméno : Admin - ADMIN-PC
# Beží od : C:\Users\Admin\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum
***** [ Služby ] *****
[-] Služby smazány:sp_rsdrv2
***** [ Adresáře ] *****
[-] Adresář smazán:C:\Users\Admin\AppData\Roaming\Mozila
***** [ Soubory ] *****
[-] Soubor smazán:C:\Windows\system32\lavasofttcpservice.dll
[-] Soubor smazán:C:\Windows\system32\drivers\sp_rsdrv2.sys
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Klíč smazán:HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\VbGUI.cToolbar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\VbGUI.cToolbarHost
[-] Klíč smazán:HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Hodnota smazána:HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\Software\Microsoft\Windows\CurrentVersion\Run [Samsung Appstore]
[#] Hodnota smazána po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Samsung Appstore]
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Web Companion
***** [ Prohlížeče ] *****
[-] Firefox nastavení vyčištěno:"browser.newtab.url" - "hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcomp ... 0317__yaff"
[-] Firefox nastavení vyčištěno:
[-] Firefox nastavení vyčištěno:
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [3187 Bajtů] - [24/10/2015 11:10:56]
C:\AdwCleaner\AdwCleaner[C2].txt - [3094 Bajtů] - [07/10/2016 19:31:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [2864 Bajtů] - [24/10/2015 11:08:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [2941 Bajtů] - [24/10/2015 11:09:53]
C:\AdwCleaner\AdwCleaner[S3].txt - [3939 Bajtů] - [07/10/2016 19:28:37]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3390 Bajtů] ##########
- Rudy
- Site Admin
- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Sending spam - Facebook
Post a new FRST log.
Re: Sending spam - Facebook
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015 02
Ran by Admin (administrator) on ADMIN-PC (07-10-2016 20:31:01)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Guest)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: "C:\Users\Admin\AppData\Roaming\mxnitro\MxNitro.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\st_rsser.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [5321448 2016-04-09] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5560040 2016-04-09] (Crawler Group, LLC)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {10739d94-d791-11dd-8ef9-806e6f6e6963} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {4d20bea3-2303-11e6-aed8-0021861c7da4} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.122.0.1 10.122.0.3
Tcpip\..\Interfaces\{9C2AA485-A9C4-4BB7-8011-A211EF514387}: [DhcpNameServer] 10.122.0.1 10.122.0.3
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2812501099-2658016741-2431437663-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2812501099-2658016741-2431437663-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-30] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zg6t03q.default
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.seznam.cz/
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "198.71.82.108"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "198.71.82.108"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.71.82.108"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "198.71.82.108"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-25] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2812501099-2658016741-2431437663-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Extension: Firefox Hotfix - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zg6t03q.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-09-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-13] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-10]
CHR Extension: (Tabulky Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (vkkshgueg) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmeeleimkfmcglckilghepakdadiakc [2016-10-02]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [2116840 2016-04-09] (Crawler Group, LLC)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-30] (AVAST Software)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [191656 2010-01-08] (Intel Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [11296 2014-11-13] (Rsupport Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 20:30 - 2016-10-07 20:28 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2016-10-07 20:26 - 2016-10-07 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Downloads\Nepotvrzeno 189679.crdownload
2016-10-07 19:36 - 2011-06-21 11:24 - 00032768 _____ C:\Windows\system32\Drivers\sp_rsdrv2.sys
2016-10-07 19:24 - 2016-10-07 19:24 - 03874368 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2016-10-07 15:48 - 2016-10-07 15:48 - 00012851 _____ C:\Users\Admin\Desktop\dds.txt
2016-10-07 15:48 - 2016-10-07 15:48 - 00004555 _____ C:\Users\Admin\Desktop\attach.txt
2016-10-07 15:46 - 2016-10-07 15:46 - 01107968 _____ C:\Users\Admin\Downloads\RSIT (1).exe
2016-10-07 15:46 - 2016-10-07 15:46 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.exe
2016-10-07 15:45 - 2016-10-07 15:45 - 01107968 _____ C:\Users\Admin\Downloads\RSIT.exe
2016-10-07 15:34 - 2016-10-07 15:34 - 01755136 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-10-06 20:45 - 2016-10-06 22:22 - 1552763820 _____ C:\Users\Admin\Downloads\zápas.zip
2016-10-06 10:17 - 2016-10-06 10:17 - 00154624 _____ C:\Users\Admin\Downloads\žádost o dotaci (1).xls
2016-10-06 10:16 - 2016-10-06 10:16 - 00173056 _____ C:\Users\Admin\Downloads\zadost_sa-22.xls
2016-10-06 10:15 - 2016-10-06 10:15 - 00208384 _____ C:\Users\Admin\Downloads\vyuct_vs-1.xls
2016-10-06 10:14 - 2016-10-06 10:14 - 00203776 _____ C:\Users\Admin\Downloads\zadost_scn.xls
2016-10-06 10:11 - 2016-10-06 10:11 - 00060416 _____ C:\Users\Admin\Downloads\prehled_prispevku_REG_2010_2016.xls
2016-10-06 10:07 - 2016-10-06 10:07 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1 (2).xls
2016-10-06 10:05 - 2016-10-06 10:05 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1.xls
2016-10-06 10:05 - 2016-10-06 10:05 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1 (1).xls
2016-10-06 09:58 - 2016-10-06 09:58 - 00154624 _____ C:\Users\Admin\Downloads\žádost o dotaci.xls
2016-10-06 08:51 - 2016-10-06 08:51 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016 (2).xlsx
2016-10-05 18:50 - 2016-10-05 18:50 - 00135464 _____ C:\Users\Admin\Downloads\Rozpis-MČR-ml.žáků-a-seniorů-Kladno-05112016.xlsx
2016-10-05 18:48 - 2016-10-05 18:48 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016 (1).xlsx
2016-09-25 12:32 - 2016-09-28 08:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-23 07:57 - 2016-09-23 07:57 - 00048128 _____ C:\Users\Admin\Downloads\tabulka (2).xls
2016-09-23 07:56 - 2016-09-23 07:56 - 00352311 _____ C:\Users\Admin\Downloads\dokl_pro_riz_soutezi (1).zip
2016-09-23 07:54 - 2016-09-23 07:54 - 00516096 _____ C:\Users\Admin\Downloads\tvorba_rozpisu_soutezi.xls
2016-09-23 07:54 - 2016-09-23 07:54 - 00020992 _____ C:\Users\Admin\Downloads\predsestava_druzstva (2).xls
2016-09-22 03:00 - 2016-08-06 16:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-18 18:07 - 2016-09-18 18:07 - 00000346 _____ C:\Users\Admin\Downloads\ZL3CNbWYBbMyhDCivd4i21N8UneF2a9Zh2W3gCFrvlf9RyAXfcfX-DalfYFCMYVhf72Qx34
2016-09-17 03:04 - 2016-08-10 17:44 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-17 03:04 - 2016-08-10 17:43 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-17 03:04 - 2016-08-10 15:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-09-17 03:03 - 2016-08-12 20:56 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-17 03:03 - 2016-08-03 17:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-09-17 03:03 - 2016-08-03 16:21 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-17 03:03 - 2016-08-03 16:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-17 03:03 - 2016-08-03 16:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-17 03:02 - 2016-08-14 17:48 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-17 03:02 - 2016-08-14 16:21 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-17 03:01 - 2016-08-12 21:03 - 03610344 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-17 03:01 - 2016-08-12 21:03 - 03558120 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-17 03:01 - 2016-08-12 20:55 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-16 13:47 - 2016-09-07 18:54 - 12859392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-16 13:47 - 2016-09-07 18:53 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-16 13:47 - 2016-09-07 18:52 - 09731584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01831424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-16 13:47 - 2016-09-07 18:51 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-16 13:47 - 2016-09-07 18:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-16 13:47 - 2016-09-07 18:50 - 01789952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00420352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-09-16 13:47 - 2016-09-07 18:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-09-12 16:54 - 2016-09-12 16:25 - 62321873 _____ C:\Users\Admin\Desktop\Nábřeží_sportu_2016_zápas.mp4
2016-09-12 16:23 - 2016-09-12 16:25 - 62321873 _____ C:\Users\Admin\Downloads\Nábřeží_sportu_2016_zápas.mp4
2016-09-12 14:40 - 2016-09-12 14:40 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 20:31 - 2015-10-26 09:31 - 00015665 _____ C:\Users\Admin\Desktop\FRST.txt
2016-10-07 20:31 - 2015-10-26 09:30 - 00000000 ____D C:\FRST
2016-10-07 20:28 - 2016-07-16 08:24 - 00000000 ____D C:\Users\Admin\Desktop\Plocha
2016-10-07 19:53 - 2015-03-10 11:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2016-10-07 19:48 - 2015-05-28 08:10 - 00000000 ____D C:\Windows\Minidump
2016-10-07 19:46 - 2016-09-03 16:41 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-07 19:41 - 2014-11-03 18:06 - 01245455 ____N C:\Windows\WindowsUpdate.log
2016-10-07 19:40 - 2016-07-16 18:50 - 00024493 _____ C:\Windows\system32\debug.log
2016-10-07 19:36 - 2016-09-03 16:41 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-07 19:34 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-07 19:34 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-07 19:34 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-07 19:33 - 2006-11-02 15:01 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-07 19:31 - 2015-10-24 11:08 - 00000000 ____D C:\AdwCleaner
2016-10-07 15:46 - 2015-10-23 22:19 - 00000000 ____D C:\Program Files\trend micro
2016-10-06 20:40 - 2016-05-09 15:43 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-10-05 18:41 - 2014-11-11 11:35 - 00000000 ____D C:\Program Files\TeamViewer
2016-09-28 20:04 - 2009-04-13 11:21 - 01531394 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-28 08:28 - 2014-11-06 13:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-28 08:28 - 2014-11-06 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-25 08:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2016-09-25 08:27 - 2014-11-06 13:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-09-25 08:27 - 2014-11-06 13:24 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-25 08:27 - 2014-11-06 13:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-25 08:27 - 2014-11-06 13:24 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-22 20:53 - 2015-09-16 11:10 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-09-19 15:31 - 2014-11-06 13:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-09-17 03:35 - 2006-11-02 14:47 - 00440800 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-17 03:16 - 2014-11-20 19:22 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 03:05 - 2006-11-02 12:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-09-17 03:01 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-09-13 18:33 - 2015-09-16 11:10 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
==================== Files in the root of some directories =======
2009-01-01 01:26 - 2014-11-03 18:43 - 0000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-12-14 23:55 - 2016-06-27 09:45 - 0030720 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 14:28 - 2016-06-13 14:28 - 0002128 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-10-18 20:43 - 2015-10-18 20:43 - 0000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Admin\Desktop" je 20864 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter
Režim ECHO je vypnut.
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Admin (administrator) on ADMIN-PC (07-10-2016 20:31:01)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Guest)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: "C:\Users\Admin\AppData\Roaming\mxnitro\MxNitro.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\st_rsser.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-05-21] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [5321448 2016-04-09] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5560040 2016-04-09] (Crawler Group, LLC)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {10739d94-d791-11dd-8ef9-806e6f6e6963} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {4d20bea3-2303-11e6-aed8-0021861c7da4} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.122.0.1 10.122.0.3
Tcpip\..\Interfaces\{9C2AA485-A9C4-4BB7-8011-A211EF514387}: [DhcpNameServer] 10.122.0.1 10.122.0.3
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2812501099-2658016741-2431437663-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2812501099-2658016741-2431437663-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-30] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zg6t03q.default
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.seznam.cz/
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "198.71.82.108"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "198.71.82.108"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "198.71.82.108"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "198.71.82.108"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-25] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2812501099-2658016741-2431437663-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)
FF Extension: Firefox Hotfix - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5zg6t03q.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-09-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-13] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-06]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-10]
CHR Extension: (Tabulky Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (vkkshgueg) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkmeeleimkfmcglckilghepakdadiakc [2016-10-02]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [2116840 2016-04-09] (Crawler Group, LLC)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2071064 2010-05-21] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-30] (AVAST Software)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [191656 2010-01-08] (Intel Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [11296 2014-11-13] (Rsupport Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 20:30 - 2016-10-07 20:28 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2016-10-07 20:26 - 2016-10-07 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Downloads\Nepotvrzeno 189679.crdownload
2016-10-07 19:36 - 2011-06-21 11:24 - 00032768 _____ C:\Windows\system32\Drivers\sp_rsdrv2.sys
2016-10-07 19:24 - 2016-10-07 19:24 - 03874368 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2016-10-07 15:48 - 2016-10-07 15:48 - 00012851 _____ C:\Users\Admin\Desktop\dds.txt
2016-10-07 15:48 - 2016-10-07 15:48 - 00004555 _____ C:\Users\Admin\Desktop\attach.txt
2016-10-07 15:46 - 2016-10-07 15:46 - 01107968 _____ C:\Users\Admin\Downloads\RSIT (1).exe
2016-10-07 15:46 - 2016-10-07 15:46 - 00688992 ____R (Swearware) C:\Users\Admin\Desktop\dds.exe
2016-10-07 15:45 - 2016-10-07 15:45 - 01107968 _____ C:\Users\Admin\Downloads\RSIT.exe
2016-10-07 15:34 - 2016-10-07 15:34 - 01755136 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-10-06 20:45 - 2016-10-06 22:22 - 1552763820 _____ C:\Users\Admin\Downloads\zápas.zip
2016-10-06 10:17 - 2016-10-06 10:17 - 00154624 _____ C:\Users\Admin\Downloads\žádost o dotaci (1).xls
2016-10-06 10:16 - 2016-10-06 10:16 - 00173056 _____ C:\Users\Admin\Downloads\zadost_sa-22.xls
2016-10-06 10:15 - 2016-10-06 10:15 - 00208384 _____ C:\Users\Admin\Downloads\vyuct_vs-1.xls
2016-10-06 10:14 - 2016-10-06 10:14 - 00203776 _____ C:\Users\Admin\Downloads\zadost_scn.xls
2016-10-06 10:11 - 2016-10-06 10:11 - 00060416 _____ C:\Users\Admin\Downloads\prehled_prispevku_REG_2010_2016.xls
2016-10-06 10:07 - 2016-10-06 10:07 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1 (2).xls
2016-10-06 10:05 - 2016-10-06 10:05 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1.xls
2016-10-06 10:05 - 2016-10-06 10:05 - 00181760 _____ C:\Users\Admin\Downloads\SA dotace 2016-1 (1).xls
2016-10-06 09:58 - 2016-10-06 09:58 - 00154624 _____ C:\Users\Admin\Downloads\žádost o dotaci.xls
2016-10-06 08:51 - 2016-10-06 08:51 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016 (2).xlsx
2016-10-05 18:50 - 2016-10-05 18:50 - 00135464 _____ C:\Users\Admin\Downloads\Rozpis-MČR-ml.žáků-a-seniorů-Kladno-05112016.xlsx
2016-10-05 18:48 - 2016-10-05 18:48 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016 (1).xlsx
2016-09-25 12:32 - 2016-09-28 08:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-23 07:57 - 2016-09-23 07:57 - 00048128 _____ C:\Users\Admin\Downloads\tabulka (2).xls
2016-09-23 07:56 - 2016-09-23 07:56 - 00352311 _____ C:\Users\Admin\Downloads\dokl_pro_riz_soutezi (1).zip
2016-09-23 07:54 - 2016-09-23 07:54 - 00516096 _____ C:\Users\Admin\Downloads\tvorba_rozpisu_soutezi.xls
2016-09-23 07:54 - 2016-09-23 07:54 - 00020992 _____ C:\Users\Admin\Downloads\predsestava_druzstva (2).xls
2016-09-22 03:00 - 2016-08-06 16:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-18 18:07 - 2016-09-18 18:07 - 00000346 _____ C:\Users\Admin\Downloads\ZL3CNbWYBbMyhDCivd4i21N8UneF2a9Zh2W3gCFrvlf9RyAXfcfX-DalfYFCMYVhf72Qx34
2016-09-17 03:04 - 2016-08-10 17:44 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-17 03:04 - 2016-08-10 17:43 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-17 03:04 - 2016-08-10 15:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-09-17 03:03 - 2016-08-12 20:56 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-17 03:03 - 2016-08-03 17:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-09-17 03:03 - 2016-08-03 16:21 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-17 03:03 - 2016-08-03 16:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-17 03:03 - 2016-08-03 16:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-17 03:02 - 2016-08-14 17:48 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-17 03:02 - 2016-08-14 16:21 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-17 03:01 - 2016-08-12 21:03 - 03610344 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-17 03:01 - 2016-08-12 21:03 - 03558120 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-17 03:01 - 2016-08-12 20:55 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-16 13:47 - 2016-09-07 18:54 - 12859392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-16 13:47 - 2016-09-07 18:53 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-16 13:47 - 2016-09-07 18:52 - 09731584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01831424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-16 13:47 - 2016-09-07 18:51 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-16 13:47 - 2016-09-07 18:51 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-16 13:47 - 2016-09-07 18:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-16 13:47 - 2016-09-07 18:50 - 01789952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00420352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-09-16 13:47 - 2016-09-07 18:50 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-09-16 13:47 - 2016-09-07 18:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-09-12 16:54 - 2016-09-12 16:25 - 62321873 _____ C:\Users\Admin\Desktop\Nábřeží_sportu_2016_zápas.mp4
2016-09-12 16:23 - 2016-09-12 16:25 - 62321873 _____ C:\Users\Admin\Downloads\Nábřeží_sportu_2016_zápas.mp4
2016-09-12 14:40 - 2016-09-12 14:40 - 00134890 _____ C:\Users\Admin\Downloads\Rozpis-MČR-seniorů-a-seniorek-Vítkovice-08102016.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-07 20:31 - 2015-10-26 09:31 - 00015665 _____ C:\Users\Admin\Desktop\FRST.txt
2016-10-07 20:31 - 2015-10-26 09:30 - 00000000 ____D C:\FRST
2016-10-07 20:28 - 2016-07-16 08:24 - 00000000 ____D C:\Users\Admin\Desktop\Plocha
2016-10-07 19:53 - 2015-03-10 11:15 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2016-10-07 19:48 - 2015-05-28 08:10 - 00000000 ____D C:\Windows\Minidump
2016-10-07 19:46 - 2016-09-03 16:41 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-07 19:41 - 2014-11-03 18:06 - 01245455 ____N C:\Windows\WindowsUpdate.log
2016-10-07 19:40 - 2016-07-16 18:50 - 00024493 _____ C:\Windows\system32\debug.log
2016-10-07 19:36 - 2016-09-03 16:41 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-07 19:34 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-07 19:34 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-07 19:34 - 2006-11-02 14:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-07 19:33 - 2006-11-02 15:01 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-07 19:31 - 2015-10-24 11:08 - 00000000 ____D C:\AdwCleaner
2016-10-07 15:46 - 2015-10-23 22:19 - 00000000 ____D C:\Program Files\trend micro
2016-10-06 20:40 - 2016-05-09 15:43 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-10-05 18:41 - 2014-11-11 11:35 - 00000000 ____D C:\Program Files\TeamViewer
2016-09-28 20:04 - 2009-04-13 11:21 - 01531394 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-28 08:28 - 2014-11-06 13:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-28 08:28 - 2014-11-06 13:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-25 08:30 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2016-09-25 08:27 - 2014-11-06 13:31 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-09-25 08:27 - 2014-11-06 13:24 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-09-25 08:27 - 2014-11-06 13:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-09-25 08:27 - 2014-11-06 13:24 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-22 20:53 - 2015-09-16 11:10 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-09-19 15:31 - 2014-11-06 13:21 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2016-09-17 03:35 - 2006-11-02 14:47 - 00440800 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-17 03:16 - 2014-11-20 19:22 - 00000000 ____D C:\Windows\system32\MRT
2016-09-17 03:05 - 2006-11-02 12:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-09-17 03:01 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-09-13 18:33 - 2015-09-16 11:10 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
==================== Files in the root of some directories =======
2009-01-01 01:26 - 2014-11-03 18:43 - 0000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-12-14 23:55 - 2016-06-27 09:45 - 0030720 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-13 14:28 - 2016-06-13 14:28 - 0002128 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel
2015-10-18 20:43 - 2015-10-18 20:43 - 0000107 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Admin\Desktop" je 20864 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar
C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter
Režim ECHO je vypnut.
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Sending spam - Facebook
Open Notepad and copy the following into it:
From the log:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {10739d94-d791-11dd-8ef9-806e6f6e6963} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {4d20bea3-2303-11e6-aed8-0021861c7da4} - "E:\WD Drive Unlock.exe" autoplay=true
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Admin\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
From the log:
Velikost slozky "C:\Users\Admin\Desktop" je 20864 MB.
That is too much and it can slow down system startup. Create a new folder in C:\Users\Admin and move all the data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Sending spam - Facebook
Thanks a lot.
Fix result of Farbar Recovery Scan Tool (x86) Version:25-10-2015 02
Ran by Admin (2016-10-07 21:04:52) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Guest)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {10739d94-d791-11dd-8ef9-806e6f6e6963} - D:\hbcd\wintools\autorun.exe
HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\...\MountPoints2: {4d20bea3-2303-11e6-aed8-0021861c7da4} - "E:\WD Drive Unlock.exe" autoplay=true
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [239880 2016-03-11] (McAfee, Inc.)
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Admin\AppData\Local\Temp
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
"HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10739d94-d791-11dd-8ef9-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{10739d94-d791-11dd-8ef9-806e6f6e6963} => key not found.
"HKU\S-1-5-21-2812501099-2658016741-2431437663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d20bea3-2303-11e6-aed8-0021861c7da4}" => key removed successfully.
HKCR\CLSID\{4d20bea3-2303-11e6-aed8-0021861c7da4} => key not found.
McComponentHostService => service removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\Users\Admin\AppData\Local\Temp" folder move:
Could not move "C:\Users\Admin\AppData\Local\Temp" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-10-07 21:07:47)
C:\Users\Admin\AppData\Local\Temp => moved successfully
==== End of Fixlog 21:08:13 ====
- Rudy
- Site Admin

- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Sending spam - Facebook
Deleted. Has anything changed?
Re: Sending spam - Facebook
FB is not sending anything out so far, and I reduced the desktop to 67 MB. But the speed is still bad. I looked at your website zrychlenipc.cz and I want to replace the disk with an SSD. Even though this is a security site, has it been discussed here how to replace the disk while keeping the current Windows installation and just moving it over to the new SSD?
Thanks a lot.
- Rudy
- Site Admin

- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Sending spam - Facebook
You would have to use software that makes an exact copy of the disk (e.g. Acronis True Image) and transfers it directly to the new disk. The new disk will then hold the same content as the original one, including applications.