Vyskakovací okna v prohlížeči

Zpráva

jislave · #1 Příspěvek od **jislave** » 05 lis 2016 16:57

Prosím o kontrolu logu. Ve všech prohlížečích mi vyskakujou nechtěná okna. Díky.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:54:54, on 5.11.2016
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)

FIREFOX: 32.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\iveta\Desktop\Downloads\HijackThis.exe
C:\totalcmd\TOTALCMD.EXE
C:\Stahnuti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://noneblock.info/wpad.dat?b44fb307 ... 2f18462568
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Launcher3010] "C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox Phaser 3010
O4 - HKLM\..\Run: [3010 RUN] "C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun3010] "C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox Phaser 3010,hide,\S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: XRcnStatutsDatabase (XRNADB) - Unknown owner - C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe

--
End of file - 8147 bytes

#2 Příspěvek od **Rudy** » 05 lis 2016 17:38

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis je už za zenitem.

jislave · #3 Příspěvek od **jislave** » 05 lis 2016 20:29

FRST launcher mi nejde stahnout ani kdyz vypnu antivir, je treba jej take stahovat?

#4 Příspěvek od **Rudy** » 05 lis 2016 21:01

OK. Dejte samotný FRST.

jislave · #5 Příspěvek od **jislave** » 05 lis 2016 21:34

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-11-2016
Ran by iveta (administrator) on IVETA-PC (05-11-2016 21:07:34)
Running from C:\Stahnuti
Loaded Profiles: iveta (Available Profiles: iveta)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Greatis Software) C:\Program Files\UnHackMe\hackmon.exe
() C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\System32\SysMonitor.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe
() C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Trend Micro Inc.) C:\Users\iveta\Desktop\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80_1\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4390912 2007-02-15] (Realtek Semiconductor)
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Windows\system32\SysMonitor.exe [319488 2006-11-23] ()
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [Launcher3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2570752 2011-04-19] (Xerox)
HKLM\...\Run: [3010 RUN] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [357376 2012-07-16] ()
HKLM\...\Run: [StatusAutoRun3010] => C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [3166720 2012-07-16] ()
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13535776 2008-06-19] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-06-19] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9099440 2016-10-30] (AVAST Software)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [**<*>] => [X] <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [捁牥吠畯⁲敒業摮牥] => 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6889176 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ACER(N~1.SCR [187392 2006-10-19] ()
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ACER(N~1.SCR [187392 2006-10-19] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2006-01-04]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2006-01-04]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
BootExecute: autocheck autochk * sdnclean.exePartizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-18] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 77.48.254.254 77.48.100.254
Tcpip\..\Interfaces\{16263BE6-15D2-4D99-B608-8BA5256FC1C0}: [DhcpNameServer] 77.48.254.254 77.48.100.254
ManualProxies: 0hxxp://noneblock.info/wpad.dat?b44fb3070a882ecf42b5657846ad912f18462568

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://cs.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://cs.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://uk.yahoo.com
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-1039613538-574043473-2394492115-1000 -> DefaultScope {F0D5AF38-A64C-4A73-9265-BCB6503845C8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-1039613538-574043473-2394492115-1000 -> {F0D5AF38-A64C-4A73-9265-BCB6503845C8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-30] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\iveta\AppData\Roaming\Mozilla\Firefox\Profiles\7z88zxbv.default [2016-11-05]
FF Homepage: Mozilla\Firefox\Profiles\7z88zxbv.default -> www.seznam.cz
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-10-30] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-1039613538-574043473-2394492115-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\iveta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default [2016-11-05]
CHR Extension: (Dokumenty Google) - C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-31]
CHR Extension: (Disk Google) - C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-31]
CHR Extension: (YouTube) - C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31]
CHR Extension: (Avast Online Security) - C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-31]
CHR Extension: (Gmail) - C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Opera:
=======
OPR Extension: (Bookmarks Import & Export) - C:\Users\iveta\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2016-10-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-12-29] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [45056 2006-12-08] (Acer Inc.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2005-01-21] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 XRNADB; C:\Program Files\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [80896 2012-07-16] () [File not signed]
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-09-09] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-18] (Společnost Microsoft)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-18] (Společnost Microsoft)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2006-01-04] (NewTech Infosystems, Inc.) [File not signed]
U0 Partizan; C:\Windows\System32\drivers\Partizan.sys [40304 2016-11-05] (Greatis Software) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-05 21:07 - 2016-11-05 21:07 - 00000000 ____D C:\FRST
2016-11-05 16:52 - 2016-11-05 21:07 - 00000000 ____D C:\Stahnuti
2016-11-05 16:50 - 2016-11-05 16:51 - 00000000 ____D C:\totalcmd
2016-11-05 16:50 - 2016-11-05 16:50 - 00000588 _____ C:\Users\Public\Desktop\Total Commander.lnk
2016-11-05 16:50 - 2016-11-05 16:50 - 00000000 ____D C:\Users\iveta\AppData\Roaming\GHISLER
2016-11-05 16:50 - 2016-11-05 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-11-05 16:50 - 2015-09-17 08:52 - 00000545 _____ C:\Windows\UC.PIF
2016-11-05 16:50 - 2015-09-17 08:52 - 00000545 _____ C:\Windows\RAR.PIF
2016-11-05 16:50 - 2015-09-17 08:52 - 00000545 _____ C:\Windows\PKZIP.PIF
2016-11-05 16:50 - 2015-09-17 08:52 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2016-11-05 16:50 - 2015-09-17 08:52 - 00000545 _____ C:\Windows\LHA.PIF
2016-11-05 16:50 - 2015-09-17 08:52 - 00000545 _____ C:\Windows\ARJ.PIF
2016-11-05 16:25 - 2016-11-05 16:47 - 00000000 ____D C:\AdwCleaner
2016-11-05 16:04 - 2016-11-05 16:36 - 00000262 _____ C:\Windows\system32\PARTIZAN.TXT
2016-11-05 16:02 - 2016-11-05 16:02 - 00000000 ____D C:\@RestoreQuarantine
2016-11-05 15:30 - 2016-11-05 15:38 - 00000000 ____D C:\Users\iveta\AppData\Local\FreeFixer
2016-11-05 15:30 - 2016-11-05 15:30 - 00000000 ____D C:\Users\iveta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-11-05 15:30 - 2016-11-05 15:30 - 00000000 ____D C:\Users\iveta\AppData\Roaming\FreeFixer
2016-11-05 15:30 - 2016-11-05 15:30 - 00000000 ____D C:\Program Files\FreeFixer
2016-11-05 15:18 - 2016-11-05 16:17 - 00000000 ____D C:\ProgramData\RegRun
2016-11-05 15:17 - 2016-11-05 15:17 - 00040304 _____ (Greatis Software) C:\Windows\system32\Drivers\Partizan.sys
2016-11-05 15:14 - 2016-11-05 20:26 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-11-05 15:14 - 2016-11-05 20:26 - 00000000 ____D C:\Users\iveta\Documents\RegRun2
2016-11-05 15:14 - 2016-11-05 15:15 - 00000000 ____D C:\Program Files\UnHackMe
2016-11-05 15:14 - 2016-11-05 15:14 - 00000808 _____ C:\Users\iveta\Desktop\UnHackMe.lnk
2016-11-05 15:14 - 2016-11-05 15:14 - 00000002 RSHOT C:\Windows\winstart.bat
2016-11-05 15:14 - 2016-11-05 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-11-05 15:14 - 2016-11-01 13:08 - 00015016 _____ (Greatis Software, LLC.) C:\Windows\system32\Drivers\UnHackMeDrv.sys
2016-11-05 15:14 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-11-05 14:56 - 2016-11-05 14:56 - 00000807 _____ C:\Users\Public\Desktop\Opera 36.lnk
2016-11-05 14:56 - 2016-11-05 14:56 - 00000807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 36.lnk
2016-11-05 14:34 - 2016-11-05 14:34 - 00000808 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-05 14:34 - 2016-11-05 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-05 14:34 - 2016-11-05 14:34 - 00000000 ____D C:\Program Files\CCleaner
2016-10-31 21:26 - 2016-10-31 21:26 - 00000161 _____ C:\Windows\AutoKMS.ini
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-10-31 21:08 - 2016-10-31 21:08 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2016-10-31 21:08 - 2016-10-31 21:08 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-10-31 21:07 - 2016-10-31 21:07 - 00000000 ____D C:\Windows\PCHEALTH
2016-10-31 21:02 - 2016-10-31 21:02 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-10-31 21:00 - 2016-10-31 21:00 - 00000000 __RHD C:\MSOCache
2016-10-31 20:31 - 2016-10-31 20:31 - 00000000 ____D C:\Users\iveta\Desktop\Ms-Office-2010-Pro+
2016-10-31 15:15 - 2016-10-31 15:15 - 00001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-31 15:15 - 2016-10-31 15:15 - 00001975 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-31 15:13 - 2016-11-05 20:24 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 15:13 - 2016-11-05 16:36 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 15:13 - 2016-10-31 15:14 - 00000000 ____D C:\Program Files\Google
2016-10-31 15:01 - 2016-11-05 20:25 - 00000000 ___SD C:\Users\iveta\AppData\LocalLow\Temp
2016-10-31 09:47 - 2009-05-06 20:35 - 00000000 ____D C:\Users\iveta\Desktop\testdisk-6.11.3
2016-10-30 17:44 - 2016-10-31 10:17 - 00000000 ____D C:\Program Files\Recuva
2016-10-30 17:44 - 2016-10-30 17:44 - 00001638 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-10-30 17:44 - 2016-10-30 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-10-30 16:58 - 2008-05-27 06:21 - 01582592 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-10-30 16:58 - 2008-05-27 06:21 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-10-30 16:58 - 2008-05-27 06:18 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-10-30 16:58 - 2008-05-27 06:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2016-10-30 16:58 - 2008-05-27 06:18 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 06103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2016-10-30 16:58 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2016-10-30 16:58 - 2008-05-27 06:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2016-10-30 16:58 - 2008-05-27 05:59 - 00106605 _____ C:\Windows\system32\StructuredQuerySchema.bin
2016-10-30 16:58 - 2008-05-27 05:59 - 00018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2016-10-30 16:58 - 2007-11-08 10:04 - 11967524 _____ C:\Windows\system32\korwbrkr.lex
2016-10-30 16:55 - 2010-04-14 18:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-10-30 16:55 - 2010-04-14 18:47 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-10-30 16:55 - 2010-04-14 18:46 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2016-10-30 16:17 - 2010-10-28 13:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-30 15:59 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2016-10-30 15:58 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-30 15:58 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2016-10-30 15:58 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2016-10-30 15:58 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2016-10-30 15:58 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-30 15:58 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-30 15:58 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2016-10-30 15:58 - 2009-10-09 22:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2016-10-30 15:58 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2016-10-30 15:58 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2016-10-30 15:58 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2016-10-30 15:58 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-30 15:58 - 2009-08-01 07:27 - 00201184 _____ C:\Windows\system32\winrm.vbs
2016-10-30 15:58 - 2009-07-16 18:30 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2016-10-30 15:58 - 2009-07-16 18:30 - 00002426 _____ C:\Windows\system32\WsmTxt.xsl
2016-10-30 15:57 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-30 15:57 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-30 15:57 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2016-10-30 15:57 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-30 15:57 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-30 14:52 - 2016-10-13 12:28 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82FD.tmp
2016-10-30 14:52 - 2016-09-22 18:16 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\asw82AE.tmp
2016-10-30 14:52 - 2016-09-13 12:54 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7E84.tmp
2016-10-30 14:52 - 2016-09-09 16:24 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-10-30 14:52 - 2016-09-09 16:24 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8493.tmp
2016-10-30 14:52 - 2016-09-09 16:24 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\asw81E1.tmp
2016-10-30 14:52 - 2016-09-09 16:24 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\asw857E.tmp
2016-10-30 14:52 - 2016-09-09 16:24 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8049.tmp
2016-10-30 14:52 - 2016-09-09 16:24 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8230.tmp
2016-10-30 14:52 - 2016-09-09 16:24 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7E35.tmp
2016-10-30 14:52 - 2016-09-09 16:24 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8192.tmp
2016-10-29 13:19 - 2016-10-29 13:19 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2016-10-29 13:19 - 2016-10-29 13:19 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-10-29 13:15 - 2016-10-31 21:04 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2016-10-29 13:14 - 2016-10-29 13:14 - 00000000 ____D C:\Program Files\Microsoft Analysis Services(601)
2016-10-29 13:06 - 2015-05-09 16:24 - 00000000 ____D C:\Users\iveta\Desktop\Ms Office 2010 Pro+
2016-10-29 12:34 - 2016-10-31 20:52 - 00000006 _____ C:\ScrubRetValFile.txt
2016-10-27 13:29 - 2016-10-27 13:29 - 00059670 _____ C:\Users\iveta\Desktop\Potvrzení o účasti na DN.pdf
2016-10-23 20:24 - 2016-10-07 11:56 - 435269354 _____ C:\Users\iveta\Desktop\Sparta - Slavia 18.9.2000.mpg
2016-10-22 15:01 - 2010-09-10 19:18 - 10626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-22 15:01 - 2010-09-10 17:37 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-22 15:00 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-22 15:00 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-22 15:00 - 2011-03-02 15:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-10-22 15:00 - 2011-03-02 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-10-22 15:00 - 2011-02-16 16:29 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-10-22 15:00 - 2011-02-16 14:24 - 00292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-10-22 15:00 - 2010-12-29 18:41 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-10-22 15:00 - 2010-12-29 18:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-10-22 15:00 - 2010-12-29 18:41 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2016-10-22 15:00 - 2010-12-29 18:39 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2016-10-22 15:00 - 2010-12-28 15:57 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2016-10-22 15:00 - 2010-12-14 16:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2016-10-22 15:00 - 2010-06-28 17:15 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-10-22 15:00 - 2010-06-16 16:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-10-22 15:00 - 2010-05-27 20:16 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2016-10-22 15:00 - 2010-04-16 17:10 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-22 15:00 - 2010-04-16 17:10 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-10-22 15:00 - 2009-05-04 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2016-10-22 14:59 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-22 14:59 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-22 14:59 - 2011-01-21 16:46 - 11582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-22 14:59 - 2011-01-21 16:46 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2016-10-22 14:59 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-22 14:59 - 2010-06-18 17:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2016-10-22 14:59 - 2010-06-11 16:30 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-10-22 14:59 - 2008-08-02 04:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-10-22 14:59 - 2008-08-02 02:01 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-10-22 14:59 - 2008-06-26 04:29 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2016-10-22 14:59 - 2008-06-26 04:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2016-10-22 14:59 - 2008-05-20 03:07 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2016-10-22 14:58 - 2008-05-08 22:59 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2016-10-22 14:58 - 2008-05-08 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2016-10-22 14:58 - 2008-05-08 22:59 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2016-10-22 14:58 - 2008-05-08 22:59 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2016-10-22 14:58 - 2008-05-08 22:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2016-10-22 14:58 - 2008-05-08 22:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2016-10-22 14:51 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-22 14:51 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-22 14:45 - 2010-06-16 16:59 - 00898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-22 14:43 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-18 18:57 - 2016-10-30 15:45 - 00000000 ____D C:\Program Files\Microsoft Toolkit Final
2016-10-18 18:57 - 2009-11-08 18:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-10-18 18:57 - 2009-11-08 18:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2016-10-18 18:57 - 2009-11-08 18:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2016-10-18 18:57 - 2009-11-08 18:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2016-10-18 18:57 - 2009-11-08 18:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2016-10-18 18:47 - 2016-10-18 18:47 - 00008829 _____ C:\Users\iveta\Desktop\Nový List aplikace Microsoft Excel.xlsx
2016-10-18 18:44 - 2016-10-18 18:44 - 00000000 ____D C:\Users\iveta\AppData\Roaming\OpenOffice
2016-10-18 18:27 - 2016-10-30 14:48 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-10-18 18:27 - 2016-10-18 18:27 - 00000965 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-10-18 18:25 - 2016-10-18 18:26 - 00000000 ____D C:\Program Files\OpenOffice 4
2016-10-18 18:20 - 2016-10-30 15:45 - 00000000 ____D C:\Program Files\KMSPico 10.0.6
2016-10-18 17:48 - 2016-10-18 17:48 - 00000000 ____D C:\Program Files\Microsoft Analysis Services(97)
2016-10-18 10:54 - 2016-10-30 17:20 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-13 17:08 - 2016-10-13 17:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_00_00.Wdf
2016-10-11 14:31 - 2016-10-11 19:02 - 00000000 ____D C:\ProgramData\tmp
2016-10-11 14:31 - 2016-10-11 14:44 - 00000000 ____D C:\ProgramData\hps
2016-10-11 14:30 - 2016-10-11 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotolab Fotosvet
2016-10-11 14:25 - 2016-10-30 18:21 - 00000000 ____D C:\Users\iveta\Desktop\Fotka
2016-10-11 14:23 - 2016-10-11 14:23 - 00000000 ____D C:\Program Files\Fotolab

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-05 21:04 - 2013-04-22 16:34 - 00000000 ____D C:\Users\iveta\AppData\Roaming\Skype
2016-11-05 20:36 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-05 20:36 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-05 16:50 - 2013-04-12 19:42 - 00000000 ____D C:\Users\iveta\AppData\Local\VirtualStore
2016-11-05 16:43 - 2007-01-08 22:09 - 00607232 _____ C:\Windows\system32\perfh005.dat
2016-11-05 16:43 - 2007-01-08 22:09 - 00117912 _____ C:\Windows\system32\perfc005.dat
2016-11-05 16:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-11-05 16:43 - 2006-11-02 11:33 - 01418258 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-05 16:36 - 2015-06-22 10:28 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-11-05 16:36 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-05 16:34 - 2006-11-02 14:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-05 16:33 - 2013-04-12 19:40 - 00000000 ____D C:\Program Files\Yahoo!
2016-11-05 15:53 - 2016-07-14 07:16 - 00000996 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-05 15:53 - 2016-07-14 07:16 - 00000984 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-11-05 15:14 - 2006-11-02 11:23 - 00002577 _____ C:\Windows\system32\config.nt
2016-11-05 15:14 - 2006-11-02 11:23 - 00001688 _____ C:\Windows\system32\autoexec.nt
2016-11-05 14:56 - 2015-04-30 08:35 - 00000000 ____D C:\Program Files\Opera
2016-11-05 14:38 - 2013-06-20 20:10 - 00000000 ____D C:\Windows\Minidump
2016-11-05 14:38 - 2006-01-04 11:41 - 00000000 ____D C:\Windows\Panther
2016-10-31 21:24 - 2013-04-12 19:43 - 00106832 _____ C:\Users\iveta\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-31 21:24 - 2006-11-02 13:47 - 00397440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-31 21:10 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew
2016-10-31 21:10 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-10-31 21:09 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\MSBuild
2016-10-31 21:07 - 2013-10-30 14:31 - 00000000 ____D C:\Program Files\Microsoft Office
2016-10-31 21:03 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-10-31 21:03 - 2006-11-02 11:23 - 00000219 _____ C:\Windows\win.ini
2016-10-31 15:15 - 2013-04-12 20:00 - 00000000 ____D C:\Users\iveta\AppData\Local\Google
2016-10-31 15:00 - 2014-12-20 20:52 - 00000000 ____D C:\Users\iveta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online
2016-10-31 14:51 - 2016-07-29 19:21 - 00002575 _____ C:\Users\iveta\Desktop\Microsoft Excel 2010.lnk
2016-10-31 14:45 - 2013-04-12 19:42 - 00000953 _____ C:\Users\iveta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-31 09:44 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-10-30 18:21 - 2013-04-12 19:37 - 00000000 ____D C:\Users\iveta
2016-10-30 17:20 - 2016-07-14 07:45 - 00000000 ___RD C:\Program Files\Skype
2016-10-30 17:20 - 2016-07-07 19:26 - 00000000 ____D C:\Users\iveta\AppData\Local\Microsoft Help
2016-10-30 17:20 - 2015-06-22 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-10-30 17:20 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2016-10-30 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2016-10-30 17:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2016-10-30 17:20 - 2006-01-04 04:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-10-30 17:10 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-10-30 16:46 - 2016-06-10 12:38 - 00000000 ____D C:\Windows\system32\MRT
2016-10-30 16:24 - 2006-11-02 11:24 - 141042968 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-10-30 15:59 - 2015-04-30 08:36 - 00000000 ____D C:\Users\iveta\AppData\Local\Opera Software
2016-10-30 15:46 - 2006-11-02 11:22 - 36700160 _____ C:\Windows\system32\config\software_previous
2016-10-30 15:46 - 2006-11-02 11:22 - 29097984 _____ C:\Windows\system32\config\components_previous
2016-10-30 15:46 - 2006-11-02 11:22 - 27787264 _____ C:\Windows\system32\config\system_previous
2016-10-30 15:46 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2016-10-30 15:46 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2016-10-30 15:46 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2016-10-30 15:45 - 2015-04-30 08:36 - 00000000 ____D C:\Users\iveta\AppData\Roaming\Opera Software
2016-10-30 15:45 - 2014-05-02 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macmillan
2016-10-30 15:45 - 2014-05-02 13:51 - 00000000 ____D C:\Program Files\Macmillan
2016-10-30 15:45 - 2013-06-15 18:48 - 00000000 ____D C:\Users\iveta\AppData\LocalLow\Unity
2016-10-30 15:45 - 2013-06-15 18:48 - 00000000 ____D C:\Users\iveta\AppData\Local\Unity
2016-10-30 14:53 - 2015-06-22 10:21 - 00001833 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-10-30 14:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2016-10-22 15:45 - 2013-04-22 16:33 - 00000000 ____D C:\ProgramData\Skype
2016-10-18 18:53 - 2014-09-12 20:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-13 12:28 - 2015-06-22 10:20 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys

==================== Files in the root of some directories =======

2014-12-20 20:51 - 2001-01-01 00:00 - 0168128 _____ () C:\Program Files\DSJ.EXE
2013-05-07 18:03 - 2016-07-06 16:47 - 0035328 _____ () C:\Users\iveta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-07 18:50 - 2014-02-07 18:50 - 0000844 _____ () C:\Users\iveta\AppData\Local\recently-used.xbel
2015-11-23 10:13 - 2015-11-23 10:13 - 0000000 _____ () C:\Users\iveta\AppData\Local\{C4A69194-D4E0-41C7-A6F5-CED8EC79C7D6}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-05 16:42

==================== End of FRST.txt ============================

#6 Příspěvek od **Rudy** » 05 lis 2016 22:04

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [eRecoveryService] => [X]
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [**<*>] => [X] <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [捁牥吠畯⁲敒業摮牥] => 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
C:\Windows\system32\winrm.vbs
C:\Windows\system32\Drivers\asw82FD.tmp
C:\Windows\system32\Drivers\asw82AE.tmp
C:\Windows\system32\Drivers\asw7E84.tmp
C:\Windows\system32\Drivers\asw8493.tmp
C:\Windows\system32\Drivers\asw81E1.tmp
C:\Windows\system32\Drivers\asw857E.tmp
C:\Windows\system32\Drivers\asw8049.tmp
C:\Windows\system32\Drivers\asw8230.tmp
C:\Windows\system32\Drivers\asw7E35.tmp
C:\Windows\system32\Drivers\asw8192.tmp
C:\Program Files\KMSPico 10.0.6
End

Uložte do C:\Stahnuti jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

jislave · #7 Příspěvek od **jislave** » 06 lis 2016 09:42

Fix result of Farbar Recovery Scan Tool (x86) Version: 03-11-2016
Ran by iveta (06-11-2016 09:41:44) Run:1
Running from C:\Stahnuti
Loaded Profiles: iveta (Available Profiles: iveta)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [Acer Tour] => [X]
HKLM\...\Run: [eRecoveryService] => [X]
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [**<*>] => [X] <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\...\Run: [捁牥吠畯⁲敒業摮牥] => 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e
BHO: No Name -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> No File
C:\Windows\system32\winrm.vbs
C:\Windows\system32\Drivers\asw82FD.tmp
C:\Windows\system32\Drivers\asw82AE.tmp
C:\Windows\system32\Drivers\asw7E84.tmp
C:\Windows\system32\Drivers\asw8493.tmp
C:\Windows\system32\Drivers\asw81E1.tmp
C:\Windows\system32\Drivers\asw857E.tmp
C:\Windows\system32\Drivers\asw8049.tmp
C:\Windows\system32\Drivers\asw8230.tmp
C:\Windows\system32\Drivers\asw7E35.tmp
C:\Windows\system32\Drivers\asw8192.tmp
C:\Program Files\KMSPico 10.0.6
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => value removed successfully.
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**<*> => value removed successfully.
HKU\S-1-5-21-1039613538-574043473-2394492115-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯⁲敒業摮牥 => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}" => key removed successfully.
HKCR\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} => key not found.
C:\Windows\system32\winrm.vbs => moved successfully
C:\Windows\system32\Drivers\asw82FD.tmp => moved successfully
C:\Windows\system32\Drivers\asw82AE.tmp => moved successfully
C:\Windows\system32\Drivers\asw7E84.tmp => moved successfully
C:\Windows\system32\Drivers\asw8493.tmp => moved successfully
C:\Windows\system32\Drivers\asw81E1.tmp => moved successfully
C:\Windows\system32\Drivers\asw857E.tmp => moved successfully
C:\Windows\system32\Drivers\asw8049.tmp => moved successfully
C:\Windows\system32\Drivers\asw8230.tmp => moved successfully
C:\Windows\system32\Drivers\asw7E35.tmp => moved successfully
C:\Windows\system32\Drivers\asw8192.tmp => moved successfully
C:\Program Files\KMSPico 10.0.6 => moved successfully

==== End of Fixlog 09:41:45 ====

#8 Příspěvek od **Rudy** » 06 lis 2016 11:12

Smazáno. Nastala nějaká změna?

jislave · #9 Příspěvek od **jislave** » 06 lis 2016 15:08

Stále vyskakují různé reklamy v prohlížeči.

#10 Příspěvek od **Rudy** » 06 lis 2016 17:59

Udělejte ještě tyto skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

jislave · #11 Příspěvek od **jislave** » 06 lis 2016 19:39

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by iveta on ne 06.11.2016 at 18:56:12,53.
Microsoft® Windows Vista™ Home Premium 6.0.6001 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\iveta\Desktop\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-11-06-173211.log 10958 bytes
C:\zoek-results2016-11-06-173637.log 1236 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\iveta\AppData\Roaming\Mozilla\Firefox\Profiles\7z88zxbv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\iveta\AppData\Roaming\Mozilla\Firefox\Profiles\7z88zxbv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\iveta\AppData\Roaming\Mozilla\Firefox\Profiles\7z88zxbv.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [30.10.2016 17:20]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\iveta\AppData\Roaming\Mozilla\Firefox\Profiles\7z88zxbv.default
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\iveta\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\iveta\AppData\Roaming\Opera Software\Opera Stable\Web Data will be reset at reboot
C:\Users\iveta\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal will be reset at reboot

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\iveta\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\iveta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=169 folders=79 12509337 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\iveta\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\iveta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\iveta\AppData\Roaming\Opera Software\Opera Stable\Web Data" not found
"C:\Users\iveta\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal" not found
"C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\iveta\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\iveta\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\iveta\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\iveta\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\iveta\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted

==== EOF on ne 06.11.2016 at 19:25:10,63 ======================

jislave · #12 Příspěvek od **jislave** » 06 lis 2016 19:39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows Vista (TM) Home Premium x86
Ran by iveta (Administrator) on ne 06.11.2016 at 19:33:34,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 20

Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10V2Z13W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IO9SXLN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YVAM40P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIGKK2Z0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFEUZIGY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5U5Z008 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3P2H8VP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBV9B1Y9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCZGXNXP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\iveta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUFUDN19 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10V2Z13W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IO9SXLN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5YVAM40P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIGKK2Z0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFEUZIGY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N5U5Z008 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3P2H8VP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBV9B1Y9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCZGXNXP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUFUDN19 (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 06.11.2016 at 19:37:54,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#13 Příspěvek od **Rudy** » 06 lis 2016 19:51

Změnilo se něco nyní?

jislave · #14 Příspěvek od **jislave** » 08 lis 2016 11:23

Stále potíže přetrvávají.

#15 Příspěvek od **Rudy** » 08 lis 2016 19:07

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

VIRY.CZ

Vyskakovací okna v prohlížeči

Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči

Re: Vyskakovací okna v prohlížeči