Odpojující se internet

[jirrikk6]

Ahojte, stahoval jsem iTunes asi ze nějakého špatného zdroje a stáhl jsem nějakého vira co mi odřízl antivir a odpojil internet. PRosím o pomoc

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Pocitac (administrator) on DESKTOP-CQA111E (03-01-2017 21:47:12)
Running from C:\Users\Pocitac\Desktop
Loaded Profiles: Pocitac (Available Profiles: Pocitac)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ovislink\Common\RaRegistry64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ovislink\Common\RaRegistry.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Ovislink Corp.) C:\Program Files (x86)\Ovislink\Common\AirLiveUI.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\4af71341a468d7900fa105e9b3da1cd3\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812032 2016-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-03] (AVAST Software)
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\RunOnce: [Uninstall C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\RunOnce: [Uninstall C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\RunOnce: [Uninstall C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\MountPoints2: {d9f0b98d-a76c-11e6-87ab-001a4dfdaba5} - "D:\Lenovo_Suite.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AirLive 802.11G Wireless Utility.lnk [2016-04-22]
ShortcutTarget: AirLive 802.11G Wireless Utility.lnk -> C:\Program Files (x86)\Ovislink\Common\AirLiveUI.exe (Ovislink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2017-01-03]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2017-01-03]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{a637e1fd-425e-46da-a451-78feee15b4c0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{e6d95eaf-1b38-47eb-aa38-68462d1ba55b}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-1631513242-2183266490-1529091632-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Prezentace Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Dokumenty Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Disk Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Avast SafePrice) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-03]
CHR Extension: (Tabulky Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25]
CHR Extension: (Avast Online Security) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-25]
CHR Extension: (Gmail) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [377664 2015-06-25] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [412480 2015-06-25] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ovislink\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ovislink\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-03] (AVAST Software)
R3 AVerA706_x64; C:\Windows\system32\DRIVERS\AVerA706_x64.sys [1422080 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 21:47 - 2017-01-03 21:48 - 00014511 _____ C:\Users\Pocitac\Desktop\FRST.txt
2017-01-03 21:47 - 2017-01-03 21:47 - 00000000 ____D C:\FRST
2017-01-03 21:43 - 2017-01-03 21:46 - 02418176 _____ (Farbar) C:\Users\Pocitac\Desktop\FRST64.exe
2017-01-03 21:37 - 2017-01-03 21:37 - 01663040 _____ (Malwarebytes) C:\Users\Pocitac\Downloads\JRT.exe
2017-01-03 20:12 - 2017-01-03 20:32 - 00000000 ____D C:\Users\Pocitac\Documents\AVerTV
2017-01-03 20:12 - 2017-01-03 20:22 - 00000000 ____D C:\ProgramData\AVerTV 3D
2017-01-03 20:11 - 2017-01-03 20:11 - 00002113 _____ C:\Users\Public\Desktop\AVerTV 3D.lnk
2017-01-03 20:11 - 2017-01-03 20:11 - 00000000 ____D C:\Windows\Driver Cache
2017-01-03 20:11 - 2017-01-03 20:11 - 00000000 ____D C:\Users\Pocitac\AppData\Local\AVerMedia
2017-01-03 20:11 - 2017-01-03 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVerMedia
2017-01-03 20:09 - 2017-01-03 20:11 - 00000000 ____D C:\Program Files (x86)\AVerMedia
2017-01-03 20:09 - 2015-12-14 16:39 - 00194560 _____ (AVerMedia Technologies, Inc.) C:\Windows\SysWOW64\CardID.dll
2017-01-03 20:09 - 2015-11-03 17:08 - 00205824 _____ (AVerMedia Technologies Inc.) C:\Windows\SysWOW64\VideoEncoderPL.dll
2017-01-03 20:09 - 2015-10-26 15:29 - 00151552 _____ C:\Windows\SysWOW64\sptlib26.dll
2017-01-03 20:09 - 2015-07-13 15:17 - 00651264 _____ C:\Windows\SysWOW64\sptlib21.dll
2017-01-03 20:09 - 2015-06-03 22:28 - 00294912 _____ C:\Windows\SysWOW64\sptlib11.dll
2017-01-03 20:09 - 2015-04-29 16:08 - 00364032 _____ () C:\Windows\SysWOW64\amalib25.dll
2017-01-03 20:09 - 2015-03-05 13:35 - 01622787 _____ (x264 project) C:\Windows\SysWOW64\core.dll
2017-01-03 20:09 - 2015-02-06 09:29 - 00327680 _____ C:\Windows\SysWOW64\libde265.dll
2017-01-03 20:09 - 2013-10-30 13:58 - 00307200 _____ C:\Windows\SysWOW64\sptlib03.dll
2017-01-03 20:09 - 2013-10-30 13:57 - 00311296 _____ C:\Windows\SysWOW64\sptlib01.dll
2017-01-03 20:09 - 2013-05-29 18:15 - 00462848 _____ C:\Windows\SysWOW64\sptlib12.dll
2017-01-03 20:09 - 2011-07-28 15:42 - 00307200 _____ C:\Windows\SysWOW64\sptlib22.dll
2017-01-03 20:09 - 2011-06-01 11:56 - 00421888 _____ C:\Windows\SysWOW64\sptlib02.dll
2017-01-03 20:09 - 2007-12-26 13:37 - 00045056 _____ (Open Source Software community project) C:\Windows\SysWOW64\pthreadVC.dll
2017-01-03 20:05 - 2017-01-03 20:06 - 00000000 ____D C:\Users\Pocitac\Downloads\M798B_AP6.9.1.9.15121701_Drv_2.2.x.96
2017-01-03 20:04 - 2017-01-03 20:04 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-01-03 20:04 - 2017-01-03 20:04 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-03 20:02 - 2017-01-03 20:05 - 135860758 _____ C:\Users\Pocitac\Downloads\M798B_AP6.9.1.9.15121701_Drv_2.2.x.96_151218.exe
2017-01-03 20:02 - 2017-01-03 20:02 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-03 20:01 - 2017-01-03 20:01 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 21:46 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-03 21:46 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2017-01-03 21:41 - 2016-07-17 00:00 - 00000000 ___HD C:\$WINDOWS.~BT
2017-01-03 21:36 - 2016-02-24 09:36 - 00000000 ____D C:\Users\Pocitac\AppData\Local\Packages
2017-01-03 21:36 - 2016-02-24 09:23 - 00000000 ____D C:\Windows\Panther
2017-01-03 20:41 - 2016-02-24 20:46 - 01771468 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-03 20:41 - 2015-10-30 19:31 - 00750030 _____ C:\Windows\system32\perfh005.dat
2017-01-03 20:41 - 2015-10-30 19:31 - 00150654 _____ C:\Windows\system32\perfc005.dat
2017-01-03 20:41 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2017-01-03 20:36 - 2016-11-10 22:48 - 00004020 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478814484
2017-01-03 20:36 - 2016-11-10 22:48 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-03 20:34 - 2016-02-24 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-03 20:34 - 2016-02-24 09:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-03 20:34 - 2016-02-24 09:24 - 00345176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-03 20:33 - 2015-10-30 07:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-01-03 20:22 - 2016-02-24 20:48 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-03 20:22 - 2016-02-24 20:48 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-03 20:12 - 2016-04-22 16:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-03 20:08 - 2016-02-24 20:47 - 00000000 ____D C:\Users\Pocitac\AppData\Local\Google
2017-01-03 20:03 - 2016-11-10 22:47 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2017-01-03 20:03 - 2016-11-10 22:43 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-01-03 20:03 - 2016-11-10 22:43 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-01-03 20:03 - 2016-11-10 22:43 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-01-03 20:02 - 2016-11-10 22:45 - 00004004 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-03 20:02 - 2016-11-10 22:43 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148347019970310
2017-01-03 20:02 - 2016-11-10 22:43 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148347020164012
2017-01-03 20:02 - 2016-11-10 22:43 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-01-03 20:01 - 2016-11-10 22:43 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148347019740607
2017-01-03 20:01 - 2016-11-10 22:43 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-01-03 19:59 - 2016-09-22 13:39 - 00004216 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0997FE88-04CA-4D98-B176-78795BB465F9}
2016-12-20 17:26 - 2016-02-24 20:47 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-20 17:26 - 2016-02-24 20:47 - 00003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-20 17:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\Tasks
2016-12-20 17:10 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\config
2016-12-06 22:51 - 2016-02-24 09:36 - 00000000 ___RD C:\Users\Pocitac\Pictures

==================== Files in the root of some directories =======

2016-05-10 19:59 - 2016-05-10 19:59 - 0000000 _____ () C:\Users\Pocitac\AppData\Local\{FC0F073E-BCDA-4982-8C44-F0F978B5010D}

Some files in TEMP:
====================
C:\Users\Pocitac\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Pocitac\AppData\Local\Temp\sfextra.dll
C:\Users\Pocitac\AppData\Local\Temp\{5C7475BD-08A8-4805-9B34-4BFD4D836D37}-GoogleToolbarInstaller_updater_signed.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-01 03:43

==================== End of FRST.txt ============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[jirrikk6]

# AdwCleaner v6.041 - Log vytvořen 03/01/2017 v 22:38:43
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2017-01-03.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : Pocitac - DESKTOP-CQA111E
# Spuštěno z : C:\Users\Pocitac\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč smazán: HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\Software\Conduit
[#] Klíč smazán po restartu: HKCU\Software\Conduit
[-] Klíč smazán: HKLM\SOFTWARE\Conduit
[#] Klíč smazán po restartu: [x64] HKCU\Software\Conduit


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1658 Bajty] - [03/01/2017 22:38:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [2073 Bajty] - [03/01/2017 22:37:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1804 Bajty] ##########

[Rudy]

Dejte nový log FRST.

[jirrikk6]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Pocitac (administrator) on DESKTOP-CQA111E (11-01-2017 17:54:51)
Running from C:\Users\Pocitac\Desktop
Loaded Profiles: Pocitac (Available Profiles: Pocitac)
Platform: Windows 10 Pro Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ovislink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ovislink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Ovislink Corp.) C:\Program Files (x86)\Ovislink\Common\AirLiveUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812032 2016-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-03] (AVAST Software)
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\Run: [Steam] => "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\RunOnce: [Uninstall C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\RunOnce: [Uninstall C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\RunOnce: [Uninstall C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pocitac\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\MountPoints2: {d9f0b98d-a76c-11e6-87ab-001a4dfdaba5} - "D:\Lenovo_Suite.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AirLive 802.11G Wireless Utility.lnk [2016-04-22]
ShortcutTarget: AirLive 802.11G Wireless Utility.lnk -> C:\Program Files (x86)\Ovislink\Common\AirLiveUI.exe (Ovislink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2017-01-03]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2017-01-03]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{a637e1fd-425e-46da-a451-78feee15b4c0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{e6d95eaf-1b38-47eb-aa38-68462d1ba55b}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-1631513242-2183266490-1529091632-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Prezentace Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Dokumenty Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Disk Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Avast SafePrice) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-01-03]
CHR Extension: (Tabulky Google) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-25]
CHR Extension: (Avast Online Security) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-25]
CHR Extension: (Gmail) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\Pocitac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [377664 2015-06-25] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [412480 2015-06-25] ()
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ovislink\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ovislink\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-01-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-03] (AVAST Software)
R3 AVerA706_x64; C:\Windows\system32\DRIVERS\AVerA706_x64.sys [1422080 2009-06-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 22:35 - 2017-01-03 22:38 - 00000000 ____D C:\AdwCleaner
2017-01-03 22:35 - 2017-01-03 22:35 - 03977168 _____ C:\Users\Pocitac\Desktop\adwcleaner_6.041.exe
2017-01-03 21:49 - 2017-01-03 21:53 - 00030242 _____ C:\Users\Pocitac\Desktop\Addition.txt
2017-01-03 21:47 - 2017-01-11 17:55 - 00013839 _____ C:\Users\Pocitac\Desktop\FRST.txt
2017-01-03 21:47 - 2017-01-11 17:54 - 00000000 ____D C:\FRST
2017-01-03 21:43 - 2017-01-03 21:46 - 02418176 _____ (Farbar) C:\Users\Pocitac\Desktop\FRST64.exe
2017-01-03 21:37 - 2017-01-03 21:37 - 01663040 _____ (Malwarebytes) C:\Users\Pocitac\Downloads\JRT.exe
2017-01-03 20:12 - 2017-01-03 20:32 - 00000000 ____D C:\Users\Pocitac\Documents\AVerTV
2017-01-03 20:12 - 2017-01-03 20:22 - 00000000 ____D C:\ProgramData\AVerTV 3D
2017-01-03 20:11 - 2017-01-03 20:11 - 00002113 _____ C:\Users\Public\Desktop\AVerTV 3D.lnk
2017-01-03 20:11 - 2017-01-03 20:11 - 00000000 ____D C:\Windows\Driver Cache
2017-01-03 20:11 - 2017-01-03 20:11 - 00000000 ____D C:\Users\Pocitac\AppData\Local\AVerMedia
2017-01-03 20:11 - 2017-01-03 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVerMedia
2017-01-03 20:09 - 2017-01-03 20:11 - 00000000 ____D C:\Program Files (x86)\AVerMedia
2017-01-03 20:09 - 2015-12-14 16:39 - 00194560 _____ (AVerMedia Technologies, Inc.) C:\Windows\SysWOW64\CardID.dll
2017-01-03 20:09 - 2015-11-03 17:08 - 00205824 _____ (AVerMedia Technologies Inc.) C:\Windows\SysWOW64\VideoEncoderPL.dll
2017-01-03 20:09 - 2015-10-26 15:29 - 00151552 _____ C:\Windows\SysWOW64\sptlib26.dll
2017-01-03 20:09 - 2015-07-13 15:17 - 00651264 _____ C:\Windows\SysWOW64\sptlib21.dll
2017-01-03 20:09 - 2015-06-03 22:28 - 00294912 _____ C:\Windows\SysWOW64\sptlib11.dll
2017-01-03 20:09 - 2015-04-29 16:08 - 00364032 _____ () C:\Windows\SysWOW64\amalib25.dll
2017-01-03 20:09 - 2015-03-05 13:35 - 01622787 _____ (x264 project) C:\Windows\SysWOW64\core.dll
2017-01-03 20:09 - 2015-02-06 09:29 - 00327680 _____ C:\Windows\SysWOW64\libde265.dll
2017-01-03 20:09 - 2013-10-30 13:58 - 00307200 _____ C:\Windows\SysWOW64\sptlib03.dll
2017-01-03 20:09 - 2013-10-30 13:57 - 00311296 _____ C:\Windows\SysWOW64\sptlib01.dll
2017-01-03 20:09 - 2013-05-29 18:15 - 00462848 _____ C:\Windows\SysWOW64\sptlib12.dll
2017-01-03 20:09 - 2011-07-28 15:42 - 00307200 _____ C:\Windows\SysWOW64\sptlib22.dll
2017-01-03 20:09 - 2011-06-01 11:56 - 00421888 _____ C:\Windows\SysWOW64\sptlib02.dll
2017-01-03 20:09 - 2007-12-26 13:37 - 00045056 _____ (Open Source Software community project) C:\Windows\SysWOW64\pthreadVC.dll
2017-01-03 20:05 - 2017-01-03 20:06 - 00000000 ____D C:\Users\Pocitac\Downloads\M798B_AP6.9.1.9.15121701_Drv_2.2.x.96
2017-01-03 20:04 - 2017-01-03 20:04 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-01-03 20:04 - 2017-01-03 20:04 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-03 20:02 - 2017-01-03 20:05 - 135860758 _____ C:\Users\Pocitac\Downloads\M798B_AP6.9.1.9.15121701_Drv_2.2.x.96_151218.exe
2017-01-03 20:02 - 2017-01-03 20:02 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-03 20:01 - 2017-01-03 20:01 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 17:53 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\AppReadiness
2017-01-03 22:59 - 2016-04-23 07:51 - 00000000 ____D C:\Users\Pocitac\AppData\Roaming\BitComet
2017-01-03 22:45 - 2016-11-10 22:48 - 00004020 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478814484
2017-01-03 22:45 - 2016-11-10 22:48 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-01-03 22:39 - 2016-02-24 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-03 22:39 - 2016-02-24 09:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-03 22:39 - 2015-10-30 07:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-01-03 22:16 - 2016-02-24 09:23 - 00000000 ____D C:\Windows\Panther
2017-01-03 22:11 - 2016-07-17 00:00 - 00000000 ___HD C:\$WINDOWS.~BT
2017-01-03 21:51 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-03 21:36 - 2016-02-24 09:36 - 00000000 ____D C:\Users\Pocitac\AppData\Local\Packages
2017-01-03 20:41 - 2016-02-24 20:46 - 01771468 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-03 20:41 - 2015-10-30 19:31 - 00750030 _____ C:\Windows\system32\perfh005.dat
2017-01-03 20:41 - 2015-10-30 19:31 - 00150654 _____ C:\Windows\system32\perfc005.dat
2017-01-03 20:41 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2017-01-03 20:34 - 2016-02-24 09:24 - 00345176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-03 20:22 - 2016-02-24 20:48 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-03 20:22 - 2016-02-24 20:48 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-03 20:12 - 2016-04-22 16:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-03 20:08 - 2016-02-24 20:47 - 00000000 ____D C:\Users\Pocitac\AppData\Local\Google
2017-01-03 20:03 - 2016-11-10 22:47 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2017-01-03 20:03 - 2016-11-10 22:43 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-01-03 20:03 - 2016-11-10 22:43 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-01-03 20:03 - 2016-11-10 22:43 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-01-03 20:02 - 2016-11-10 22:45 - 00004004 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-01-03 20:02 - 2016-11-10 22:43 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148347019970310
2017-01-03 20:02 - 2016-11-10 22:43 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148347020164012
2017-01-03 20:02 - 2016-11-10 22:43 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-03 20:02 - 2016-11-10 22:43 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-01-03 20:01 - 2016-11-10 22:43 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148347019740607
2017-01-03 20:01 - 2016-11-10 22:43 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-01-03 19:59 - 2016-09-22 13:39 - 00004216 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0997FE88-04CA-4D98-B176-78795BB465F9}
2016-12-20 17:26 - 2016-02-24 20:47 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-20 17:26 - 2016-02-24 20:47 - 00003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-20 17:26 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\Tasks
2016-12-20 17:10 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\config

==================== Files in the root of some directories =======

2016-05-10 19:59 - 2016-05-10 19:59 - 0000000 _____ () C:\Users\Pocitac\AppData\Local\{FC0F073E-BCDA-4982-8C44-F0F978B5010D}

Some files in TEMP:
====================
C:\Users\Pocitac\AppData\Local\Temp\libeay32.dll
C:\Users\Pocitac\AppData\Local\Temp\msvcr120.dll
C:\Users\Pocitac\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Pocitac\AppData\Local\Temp\sfextra.dll
C:\Users\Pocitac\AppData\Local\Temp\sqlite3.dll
C:\Users\Pocitac\AppData\Local\Temp\{5C7475BD-08A8-4805-9B34-4BFD4D836D37}-GoogleToolbarInstaller_updater_signed.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-03 22:22

==================== End of FRST.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\MountPoints2: {d9f0b98d-a76c-11e6-87ab-001a4dfdaba5} - "D:\Lenovo_Suite.exe"
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-1631513242-2183266490-1529091632-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Pocitac\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[jirrikk6]

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-01-2017
Ran by Pocitac (12-01-2017 09:49:47) Run:1
Running from C:\Users\Pocitac\Desktop
Loaded Profiles: Pocitac (Available Profiles: Pocitac)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\...\MountPoints2: {d9f0b98d-a76c-11e6-87ab-001a4dfdaba5} - "D:\Lenovo_Suite.exe"
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-10] (Google Inc.)
Toolbar: HKU\S-1-5-21-1631513242-2183266490-1529091632-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-10] (Google Inc.)
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Pocitac\AppData\Local\Temp

EmptyTemp:
End
*****************

HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f0b98d-a76c-11e6-87ab-001a4dfdaba5} => key removed successfully
HKCR\CLSID\{d9f0b98d-a76c-11e6-87ab-001a4dfdaba5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
C:\Program Files (x86)\Google\Google Toolbar => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully
HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1631513242-2183266490-1529091632-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\Pocitac\AppData\Local\Temp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6364864 B
Java, Flash, Steam htmlcache => 15847560 B
Windows/system/drivers => -552353 B
Edge => 171163738 B
Chrome => 411058936 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 41766 B
NetworkService => 12002 B
Pocitac => 1171257 B

RecycleBin => 48910869 B
EmptyTemp: => 623.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:51:12 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[jirrikk6]

vypadá že šlape. Díky moc, co jsem dlužen?

[Rudy]

Nic, jen řekněte o nás dalším. Nemáte zač!