Chrome otevírá náhodné stránky, vyhledávače

Zpráva

Tlapa · #1 Příspěvek od **Tlapa** » 10 bře 2017 23:30

Dobrý den, asi dva dny bojuju s nákazou. Avast nenašel nic, byl mi doporučený SUPERAntiSpyware, ten v režimu nouze nalezl asi 1500 položek. Po odstranění to vypadalo dobře, ale za půl dne to samé. Chci se zeptat, zda formát disku odstraní vše, anebo tam nějaká ta havěť zůstane? A když udělám čistou instalaci systému na disku C: a na D: mi zůstanou dokumenty (jiný fyzický disk), nezůstane tam i nějaký ten neřád? Ptám se proto, že od čisté instalace už proběhla nějaká ta doba a teď se ta přeinstalace systému nabízí sama... Ještě mi přijde zvláštní, že problém mám zatím jen já, další uživatelé tohoto PC pod svými účty problém zatím neregistrovali.
Anebo to půjde dát dopořádku ještě pomocí těch Vašich udělátek?

A jak je na tom takové cloudové úložiště a jeho propojení na další PC? Dostanou se ti neřádi i přes ten cloud na druhý PC?
Přikládám logy RSIT a FRST. Byly moc velké, tak posílám zip.

#2 Příspěvek od **Rudy** » 11 bře 2017 11:04

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

Tlapa · #3 Příspěvek od **Tlapa** » 11 bře 2017 11:25

Díky za ochotu pomoci, zde je log z utility:

# AdwCleaner v6.044 - Log vytvořen 11/03/2017 v 11:20:49
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-11.1 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : jrejl - DESKTOP-EK307V2
# Spuštěno z : C:\Users\jrejl\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

***** [ Složky ] *****

[-] Složka smazána: C:\Users\jrejl\AppData\Local\FileViewPro

***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\marke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] Soubor smazán: C:\Users\marke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] Soubor smazán: C:\Users\marke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.izito.com_0.localstorage
[-] Soubor smazán: C:\Users\marke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.izito.com_0.localstorage-journal
[-] Soubor smazán: C:\Users\marke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
[-] Soubor smazán: C:\Users\marke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] Soubor smazán: C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage
[-] Soubor smazán: C:\Users\vitek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal
[-] Soubor smazán: C:\Users\prejl\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_www.ucebnice.com_0.localstorage
[-] Soubor smazán: C:\Users\prejl\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\hxxp_www.ucebnice.com_0.localstorage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

***** [ Prohlížeče ] *****

[-] [C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: slunecnice.cz
[-] [C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: facemoods.com
[-] [C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: search.securefindersearch.com
[-] [C:\Users\marke\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: sokollomnice.cz
[-] [C:\Users\prejl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: slunecnice.cz
[-] [C:\Users\prejl\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: facemoods.com
[-] [C:\Users\prejl\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Smazáno: slunecnice.cz
[-] [C:\Users\prejl\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Smazáno: facemoods.com

*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3230 Bajty] - [11/03/2017 11:20:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [3595 Bajty] - [11/03/2017 11:12:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3376 Bajty] ##########

Tlapa · #4 Příspěvek od **Tlapa** » 11 bře 2017 12:00

Ještě tam ale něco bude, hned po nahrání logu sem, sem mi otevřela stránka se vřelým prodavačem čehosi

#5 Příspěvek od **Rudy** » 11 bře 2017 12:30

Ještě jsme neskončili. Dejte nový log FRST.

Tlapa · #6 Příspěvek od **Tlapa** » 11 bře 2017 12:43

tady je:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-03-2017
Ran by jrejl (administrator) on DESKTOP-EK307V2 (11-03-2017 12:39:56)
Running from C:\Users\jrejl\Desktop
Loaded Profiles: jrejl (Available Profiles: jrejl & marke & vitek & prejl)
Platform: Windows 10 Pro Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Spotify Ltd) C:\Users\jrejl\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8004.42017.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Služba Plánovač2] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377600 2009-12-14] (Acronis)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-08] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4377960 2009-12-14] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962272 2009-12-14] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2044700190-3483193868-2252024492-1001\...\Run: [Spotify Web Helper] => C:\Users\jrejl\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-23] (Spotify Ltd)
HKU\S-1-5-21-2044700190-3483193868-2252024492-1001\...\Run: [Spotify] => C:\Users\jrejl\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-23] (Spotify Ltd)
HKU\S-1-5-21-2044700190-3483193868-2252024492-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2044700190-3483193868-2252024492-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2044700190-3483193868-2252024492-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-2044700190-3483193868-2252024492-1001\...\RunOnce: [Uninstall C:\Users\jrejl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jrejl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-03-08] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aktualizace oznámení.lnk [2017-03-08]
ShortcutTarget: Aktualizace oznámení.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-03-08]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-03-08]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2044700190-3483193868-2252024492-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2044700190-3483193868-2252024492-1001] => hxxp://no-blok.net/wpad.dat?38f15072d8b43eac8fb2d69822c732f826093265
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c1349f3b-66e2-403d-b48d-27713924903b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c4222cc2-842f-4572-b024-ea7560c9f03e}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://no-blok.net/wpad.dat?38f15072d8b43eac8fb2d69822c732f826093265

Internet Explorer:
==================
HKU\S-1-5-21-2044700190-3483193868-2252024492-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.idnes.cz/
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1461358164231

FireFox:
========
FF DefaultProfile: hvg4la73.default
FF ProfilePath: C:\Users\jrejl\AppData\Roaming\Mozilla\Firefox\Profiles\hvg4la73.default [2017-03-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-08]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.idnes.cz/","hxxp://www.rcmania.cz/i ... 8wfrw6LgDQ"
CHR Profile: C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
CHR Extension: (Překladač Google) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-03-08]
CHR Extension: (Prezentace Google) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-08]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2017-03-08]
CHR Extension: (Dokumenty Google) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08]
CHR Extension: (Disk Google) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Kalendář Google) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-03-08]
CHR Extension: (Avast SafePrice) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-08]
CHR Extension: (Tabulky Google) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (Avast Online Security) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-08]
CHR Extension: (feedly) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2017-03-08]
CHR Extension: (Mapy Google) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-03-08]
CHR Extension: (Pocket) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2017-03-08]
CHR Extension: (Save to Pocket) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-03-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\jrejl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-08]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-03-08] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-08] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-30] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-03-08] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-03-08] (Electronic Arts)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [33240 2015-12-09] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309272 2017-03-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-03-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-03-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-03-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-03-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-03-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126600 2017-03-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-03-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-03-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [993608 2017-03-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [548928 2017-03-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-03-08] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337592 2017-03-08] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2015-08-13] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2015-08-13] (Windows (R) Win 7 DDK provider)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2015-10-01] (Sony Mobile Communications)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2015-08-13] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tdrpman251; C:\WINDOWS\System32\DRIVERS\tdrpm251.sys [1455648 2015-08-22] (Acronis)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [92848 2016-08-19] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [26800 2016-08-19] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [484528 2016-08-19] ()
R3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [56560 2015-08-15] (Shaul Eizikovich)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 12:39 - 2017-03-11 12:39 - 00000000 ____D C:\Users\jrejl\Desktop\FRST-OlderVersion
2017-03-11 11:24 - 2017-03-11 11:24 - 00003458 _____ C:\Users\jrejl\Desktop\AdwCleaner[C0].txt
2017-03-11 11:22 - 2017-03-11 11:22 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-11 11:07 - 2017-03-11 11:20 - 00000000 ____D C:\AdwCleaner
2017-03-11 11:07 - 2017-03-11 11:07 - 04031440 _____ C:\Users\jrejl\Desktop\adwcleaner_6.044.exe
2017-03-10 18:45 - 2017-03-10 19:37 - 00000000 ____D C:\ESD
2017-03-10 18:44 - 2017-03-10 18:44 - 00000000 ___HD C:\$Windows.~WS
2017-03-10 18:44 - 2017-03-10 18:44 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-10 18:40 - 2017-03-10 18:40 - 00017750 _____ C:\Users\jrejl\Desktop\Addition.txt
2017-03-10 18:39 - 2017-03-11 12:40 - 00024168 _____ C:\Users\jrejl\Desktop\FRST.txt
2017-03-10 18:38 - 2017-03-10 18:39 - 00000000 ____D C:\FRST
2017-03-10 18:36 - 2017-03-11 12:39 - 02424832 _____ (Farbar) C:\Users\jrejl\Desktop\FRST64.exe
2017-03-10 18:23 - 2017-03-10 18:41 - 00000000 ____D C:\rsit
2017-03-10 18:23 - 2017-03-10 18:23 - 00000000 ____D C:\Program Files\trend micro
2017-03-09 20:25 - 2017-03-09 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-08 22:15 - 2017-03-08 22:15 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2017-03-08 22:12 - 2017-03-08 22:12 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-08 22:12 - 2017-03-08 22:12 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-08 21:38 - 2017-03-08 21:58 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-08 20:27 - 2017-03-08 20:27 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-08 20:27 - 2017-03-08 20:27 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-08 20:11 - 2017-03-08 21:11 - 00000000 ____D C:\Users\jrejl\AppData\LocalLow\Mozilla
2017-03-08 20:10 - 2017-03-08 20:17 - 00000000 ____D C:\Users\jrejl\AppData\Local\Mozilla
2017-03-08 20:10 - 2017-03-08 20:11 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\Mozilla
2017-03-08 15:44 - 2017-03-08 15:44 - 00001257 _____ C:\Users\Public\Desktop\Syberia II.lnk
2017-03-08 15:44 - 2017-03-08 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syberia II
2017-03-08 15:44 - 2017-03-08 15:44 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-03-08 13:59 - 2017-03-08 14:00 - 00000000 ____D C:\Program Files (x86)\Origin Games
2017-03-08 13:58 - 2017-03-08 20:21 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\Origin
2017-03-08 13:58 - 2017-03-08 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-03-08 13:58 - 2017-03-08 13:58 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-08 13:55 - 2017-03-08 20:22 - 00000000 ____D C:\ProgramData\Origin
2017-03-08 13:55 - 2017-03-08 15:44 - 00000000 ____D C:\Users\jrejl\AppData\Local\Origin
2017-03-08 13:55 - 2017-03-08 13:55 - 00000000 ____D C:\Users\jrejl\.Origin
2017-03-08 13:19 - 2017-03-08 20:22 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 7348d014-1229-4dfc-97ab-a110b69b6a62.job
2017-03-08 13:19 - 2017-03-08 20:22 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 11a0b603-7bf5-4122-a58b-e8f8ff6fa582.job
2017-03-08 13:19 - 2017-03-08 13:19 - 00003782 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 7348d014-1229-4dfc-97ab-a110b69b6a62
2017-03-08 13:19 - 2017-03-08 13:19 - 00003700 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 11a0b603-7bf5-4122-a58b-e8f8ff6fa582
2017-03-08 13:19 - 2017-03-08 13:19 - 00001849 _____ C:\Users\jrejl\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-03-08 13:19 - 2017-03-08 13:19 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\SUPERAntiSpyware.com
2017-03-08 13:19 - 2017-03-08 13:19 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-03-08 13:19 - 2017-03-08 13:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-03-08 13:19 - 2017-03-08 13:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-03-08 13:02 - 2017-03-08 22:12 - 00000000 ____D C:\Users\jrejl\AppData\Local\Deployment
2017-03-08 13:02 - 2017-03-08 13:02 - 00000000 ____D C:\Users\jrejl\AppData\Local\Apps\2.0
2017-03-08 12:32 - 2017-03-08 12:32 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-08 09:25 - 2017-03-08 09:27 - 00000000 ____D C:\Users\jrejl\AppData\Local\WinZip
2017-03-08 09:25 - 2017-03-08 09:25 - 00003618 _____ C:\WINDOWS\System32\Tasks\WinZipBackGroundToolsTask
2017-03-08 09:25 - 2017-03-08 09:25 - 00003530 _____ C:\WINDOWS\System32\Tasks\WinZip Update Notifier
2017-03-08 09:25 - 2017-03-08 09:25 - 00002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Aktualizace oznámení.lnk
2017-03-08 09:25 - 2017-03-08 09:25 - 00002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip nástroje pozadia.lnk
2017-03-08 09:25 - 2017-03-08 09:25 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2017-03-08 09:25 - 2017-03-08 09:25 - 00002197 _____ C:\Users\Public\Desktop\WinZip.lnk
2017-03-08 09:25 - 2017-03-08 09:25 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-03-08 09:25 - 2017-03-08 09:25 - 00000000 ____D C:\ProgramData\WinZip
2017-03-08 09:25 - 2017-03-08 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-03-08 09:25 - 2017-03-08 09:25 - 00000000 ____D C:\Program Files\WinZip
2017-03-08 09:24 - 2017-03-08 09:24 - 00000000 ____D C:\ProgramData\UniqueId
2017-03-08 09:12 - 2015-10-12 22:34 - 00070920 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleHFS.sys
2017-03-08 09:12 - 2015-10-12 22:34 - 00017160 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleMNT.sys
2017-03-08 08:27 - 2017-03-08 09:18 - 00000000 ____D C:\Program Files (x86)\Reincubate
2017-03-08 08:27 - 2017-03-08 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reincubate
2017-03-08 08:23 - 2017-03-08 09:51 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\IsolatedStorage
2017-03-08 08:23 - 2017-03-08 08:23 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-03-08 08:22 - 2017-03-08 09:50 - 00000000 ____D C:\Spacekace
2017-03-06 21:50 - 2017-03-06 21:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-06 20:49 - 2017-03-06 20:49 - 00001884 _____ C:\Users\Public\Desktop\MULTIFlight.lnk
2017-03-06 20:48 - 2017-03-06 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MULTIFlight
2017-03-06 20:48 - 2017-03-06 20:48 - 00000000 ____D C:\ProgramData\MULTIFlight
2017-03-06 20:48 - 2017-03-06 20:48 - 00000000 ____D C:\Program Files (x86)\MULTIFlight
2017-03-02 18:50 - 2017-03-02 19:08 - 00000000 ____D C:\Users\jrejl\Desktop\Zoo
2017-03-02 18:01 - 2017-03-06 13:53 - 00000000 ____D C:\Users\vitek\AppData\Local\Ubisoft Game Launcher
2017-03-02 18:00 - 2017-03-02 18:01 - 00001121 _____ C:\Users\vitek\Desktop\TheCrew.lnk
2017-03-02 17:58 - 2017-03-02 18:00 - 00000970 _____ C:\Users\vitek\Desktop\Train simulator.lnk
2017-03-01 22:14 - 2017-03-01 22:15 - 00001437 _____ C:\Users\jrejl\Desktop\CCleaner.lnk
2017-03-01 19:32 - 2017-03-01 19:32 - 00052392 _____ C:\Users\prejl\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-01 16:36 - 2017-03-01 16:36 - 00000000 ____D C:\Users\prejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2017-03-01 16:28 - 2017-03-01 16:28 - 00000000 ____D C:\Users\prejl\AppData\Local\MicrosoftEdge
2017-03-01 14:46 - 2017-03-01 14:46 - 00000899 _____ C:\Users\prejl\Desktop\Pavlína.lnk
2017-03-01 14:39 - 2017-03-01 14:39 - 00000000 ____D C:\Users\prejl\AppData\Roaming\AVAST Software
2017-03-01 14:39 - 2017-03-01 14:39 - 00000000 ____D C:\Users\prejl\AppData\Local\CEF
2017-03-01 14:37 - 2017-03-01 14:37 - 00001303 _____ C:\Users\prejl\Desktop\Dropbox.lnk
2017-03-01 14:34 - 2017-03-01 14:35 - 00690080 _____ (Dropbox, Inc.) C:\Users\prejl\Downloads\DropboxInstaller.exe
2017-03-01 14:32 - 2017-03-01 14:34 - 00001035 _____ C:\Users\prejl\Desktop\Altik.lnk
2017-03-01 14:29 - 2017-03-01 14:33 - 00002391 _____ C:\Users\prejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-01 14:29 - 2017-03-01 14:32 - 00000000 ___RD C:\Users\prejl\OneDrive
2017-03-01 14:29 - 2017-03-01 14:29 - 00000000 ____D C:\Users\prejl\AppData\Roaming\Skype
2017-03-01 14:29 - 2017-03-01 14:29 - 00000000 ____D C:\Users\prejl\AppData\Local\Comms
2017-03-01 14:28 - 2017-03-08 09:17 - 00000000 ____D C:\Users\prejl
2017-03-01 14:28 - 2017-03-02 21:30 - 00000000 ____D C:\Users\prejl\AppData\Local\VirtualStore
2017-03-01 14:28 - 2017-03-01 22:36 - 00000000 ____D C:\Users\prejl\AppData\Local\Packages
2017-03-01 14:28 - 2017-03-01 16:19 - 00000000 ____D C:\Users\prejl\AppData\Local\ConnectedDevicesPlatform
2017-03-01 14:28 - 2017-03-01 14:37 - 00000000 ____D C:\Users\prejl\AppData\Local\Dropbox
2017-03-01 14:28 - 2017-03-01 14:36 - 00000000 ____D C:\Users\prejl\AppData\Local\Google
2017-03-01 14:28 - 2017-03-01 14:29 - 00000000 ____D C:\Users\prejl\AppData\Local\AMD
2017-03-01 14:28 - 2017-03-01 14:28 - 00000020 ___SH C:\Users\prejl\ntuser.ini
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Šablony
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Soubory cookie
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Poslední
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Okolní tiskárny
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Okolní síť
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Nabídka Start
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Dokumenty
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\Data aplikací
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 _SHDL C:\Users\prejl\AppData\Local\Data aplikací
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 ____D C:\Users\prejl\AppData\Roaming\Adobe
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 ____D C:\Users\prejl\AppData\Local\TileDataLayer
2017-03-01 14:28 - 2017-03-01 14:28 - 00000000 ____D C:\Users\prejl\AppData\Local\Publishers
2017-03-01 14:28 - 2016-08-04 22:32 - 00000000 ____D C:\Users\prejl\AppData\Roaming\ATI
2017-03-01 14:28 - 2016-08-04 22:32 - 00000000 ____D C:\Users\prejl\AppData\Local\Microsoft Help
2017-03-01 14:28 - 2016-08-04 22:32 - 00000000 ____D C:\Users\prejl\AppData\Local\ATI
2017-02-26 16:55 - 2017-03-09 20:00 - 00000000 _____ C:\Users\vitek\AppData\Roaming\FileOut.cns
2017-02-26 16:55 - 2017-03-09 20:00 - 00000000 _____ C:\Users\vitek\AppData\Roaming\FileIn.cns
2017-02-26 16:53 - 2017-02-26 16:53 - 00000000 ____D C:\Users\vitek\AppData\LocalLow\Adobe
2017-02-26 16:53 - 2017-02-26 16:53 - 00000000 ____D C:\Users\vitek\AppData\Local\Adobe
2017-02-26 12:22 - 2017-02-28 18:53 - 00000000 _____ C:\Users\jrejl\AppData\Roaming\FileOut.cns
2017-02-26 12:22 - 2017-02-28 18:53 - 00000000 _____ C:\Users\jrejl\AppData\Roaming\FileIn.cns
2017-02-26 12:21 - 2017-02-26 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2017-02-26 11:31 - 2017-02-26 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-02-26 11:30 - 2017-02-26 11:31 - 00000000 ____D C:\Program Files\PowerISO
2017-02-26 11:30 - 2017-02-26 11:30 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\PowerISO
2017-02-26 11:29 - 2017-02-26 16:54 - 00000000 ____D C:\Program Files (x86)\PowerISO
2017-02-26 11:29 - 2017-02-02 14:27 - 00137792 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2017-02-18 18:16 - 2017-02-18 18:16 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenTX Companion 2.2
2017-02-18 18:16 - 2017-02-18 18:16 - 00000000 ____D C:\Program Files (x86)\OpenTX
2017-02-16 14:22 - 2017-02-24 15:28 - 00000000 ____D C:\Users\vitek\AppData\Roaming\PlaysTV
2017-02-16 14:22 - 2017-02-16 14:22 - 00000000 ____D C:\Users\vitek\AppData\Roaming\Raptr
2017-02-16 14:22 - 2017-02-16 14:22 - 00000000 ____D C:\Users\vitek\.QtWebEngineProcess
2017-02-16 14:22 - 2017-02-16 14:22 - 00000000 ____D C:\Users\vitek\.Plays.tv
2017-02-16 12:18 - 2017-02-26 10:31 - 00000000 ____D C:\Users\marke\AppData\Roaming\PlaysTV
2017-02-16 12:18 - 2017-02-19 08:45 - 00000000 ____D C:\Users\marke\AppData\Roaming\Raptr
2017-02-16 12:18 - 2017-02-16 12:18 - 00000000 ____D C:\Users\marke\.QtWebEngineProcess
2017-02-16 12:18 - 2017-02-16 12:18 - 00000000 ____D C:\Users\marke\.Plays.tv
2017-02-15 09:00 - 2017-02-15 09:00 - 00000000 ____D C:\Users\jrejl\.QtWebEngineProcess
2017-02-15 09:00 - 2017-02-15 09:00 - 00000000 ____D C:\Users\jrejl\.Plays.tv
2017-02-15 08:58 - 2017-03-01 22:22 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2017-02-15 08:43 - 2017-03-08 12:32 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-15 08:42 - 2017-03-08 12:32 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-15 08:42 - 2017-03-08 12:32 - 00309272 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-15 08:42 - 2017-03-08 12:32 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-15 08:42 - 2017-03-08 12:32 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-12 17:24 - 2017-02-12 17:24 - 00000000 ____D C:\WINDOWS\system32\RAPID
2017-02-12 17:24 - 2016-11-18 19:04 - 00272792 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\SamsungRapidDiskFltr.sys
2017-02-12 16:54 - 2017-02-12 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-10 19:42 - 2017-02-10 19:42 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-11 12:39 - 2016-08-04 22:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-11 11:27 - 2016-07-16 23:25 - 01454988 _____ C:\WINDOWS\system32\perfh005.dat
2017-03-11 11:27 - 2016-07-16 23:25 - 00394812 _____ C:\WINDOWS\system32\perfc005.dat
2017-03-11 11:27 - 2015-08-13 21:33 - 03435166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-11 11:21 - 2016-08-04 22:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-11 11:21 - 2016-07-16 07:04 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-03-10 22:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-03-10 22:28 - 2015-08-19 21:24 - 00000000 ___RD C:\Users\marke\OneDrive
2017-03-10 19:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-10 19:13 - 2016-08-04 23:26 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-10 18:18 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-10 14:50 - 2016-01-30 18:33 - 00000000 ___RD C:\Users\marke\Dropbox
2017-03-10 13:28 - 2016-08-04 22:35 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1457782229
2017-03-10 13:28 - 2016-03-12 12:30 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-03-10 13:28 - 2015-08-13 21:55 - 00548928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2017-03-09 22:02 - 2015-08-21 15:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-08 22:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-08 22:12 - 2015-08-13 21:41 - 00000000 ____D C:\Users\jrejl\AppData\Local\Google
2017-03-08 22:12 - 2015-08-13 21:41 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-08 15:44 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-03-08 15:44 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-03-08 15:44 - 2016-07-16 12:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-03-08 15:44 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-03-08 15:44 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-03-08 15:44 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-08 13:59 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-08 13:55 - 2016-08-04 22:29 - 00000000 ____D C:\Users\jrejl
2017-03-08 12:32 - 2016-03-12 12:27 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-03-08 12:32 - 2015-08-13 21:55 - 00993608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-03-08 12:32 - 2015-08-13 21:55 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-03-08 12:32 - 2015-08-13 21:55 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-03-08 12:32 - 2015-08-13 21:55 - 00126600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-03-08 12:32 - 2015-08-13 21:55 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-03-08 12:32 - 2015-08-13 21:55 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-03-08 12:32 - 2015-08-13 21:55 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-03-08 10:22 - 2015-08-26 16:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-08 10:15 - 2015-08-26 16:59 - 00000000 ____D C:\Users\jrejl\AppData\Local\Steam
2017-03-08 09:28 - 2015-08-13 21:46 - 00001945 _____ C:\Users\jrejl\Desktop\Tento počítač.lnk
2017-03-08 09:17 - 2016-10-11 15:40 - 00000000 ____D C:\Users\vitek
2017-03-05 15:04 - 2016-12-13 16:15 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-05 15:04 - 2015-08-19 21:24 - 00002391 _____ C:\Users\marke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-04 22:28 - 2015-08-13 23:33 - 00000000 ____D C:\Users\jrejl\AppData\Roaming\vlc
2017-03-01 22:27 - 2015-08-13 21:24 - 00000000 ____D C:\Users\jrejl\AppData\Local\Packages
2017-03-01 14:28 - 2015-08-13 21:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-28 21:17 - 2015-12-21 13:14 - 00012800 _____ C:\Users\jrejl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-28 13:55 - 2015-08-13 21:26 - 00002391 _____ C:\Users\jrejl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-26 16:59 - 2015-08-13 21:24 - 00000000 ____D C:\Users\jrejl\AppData\Local\VirtualStore
2017-02-26 16:55 - 2016-10-11 15:40 - 00000000 ____D C:\Users\vitek\AppData\Local\VirtualStore
2017-02-26 16:54 - 2016-08-04 22:27 - 00237848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-26 16:54 - 2015-08-21 15:53 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-26 16:54 - 2015-08-21 15:53 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-26 16:53 - 2016-10-11 15:40 - 00000000 ____D C:\Users\vitek\AppData\Roaming\Adobe
2017-02-25 19:05 - 2016-10-15 14:43 - 00000000 ____D C:\Users\jrejl\AppData\Local\Ubisoft Game Launcher
2017-02-24 15:28 - 2016-10-11 15:40 - 00000000 ____D C:\Users\vitek\AppData\Local\Packages
2017-02-23 20:22 - 2015-08-15 10:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 20:20 - 2015-08-15 10:05 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 13:39 - 2015-08-19 21:14 - 00000000 ____D C:\Users\marke\AppData\Local\Packages
2017-02-21 19:17 - 2016-01-31 21:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-18 19:07 - 2016-08-04 22:35 - 00003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-18 19:07 - 2016-08-04 22:35 - 00003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-16 12:18 - 2016-08-04 22:29 - 00000000 ____D C:\Users\marke
2017-02-15 19:49 - 2015-08-13 21:53 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-15 08:59 - 2015-11-13 23:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-15 08:42 - 2015-08-13 21:55 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148714458862504
2017-02-12 17:24 - 2016-07-13 18:23 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-02-12 16:54 - 2016-08-04 22:35 - 00003352 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2017-02-12 16:54 - 2016-07-13 18:23 - 00000000 ____D C:\ProgramData\Samsung

==================== Files in the root of some directories =======

2017-02-26 12:22 - 2017-02-28 18:53 - 0000000 _____ () C:\Users\jrejl\AppData\Roaming\FileIn.cns
2017-02-26 12:22 - 2017-02-28 18:53 - 0000000 _____ () C:\Users\jrejl\AppData\Roaming\FileOut.cns
2015-12-21 13:14 - 2017-02-28 21:17 - 0012800 _____ () C:\Users\jrejl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-01 23:01

==================== End of FRST.txt ============================

#7 Příspěvek od **Rudy** » 11 bře 2017 15:05

Otevřte poznámkový blok a zkopírujte do něj:

Start
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2044700190-3483193868-2252024492-1003\User: Restriction <======= ATTENTION
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\jrejl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Dále proveďte následující akce:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Tlapa · #8 Příspěvek od **Tlapa** » 11 bře 2017 16:48

Jak dlouho má bězet ten Zoek? Běželo to asi hodinu, vyhodilo hlášku o restartu a od té doby se to pořád nerestartovalo, asi 10 minut...

#9 Příspěvek od **Rudy** » 11 bře 2017 17:33

To záleží na tom, jek je velké nastavení prohlížečů a kolik jich máte celkem. Můžete ho spustit v nouz. režimu, půjde to o něco rychleji. Ty dva skeny vyčistí nastavení prohlížečů. Restart asi budete muset provést natvrdo.

Tlapa · #10 Příspěvek od **Tlapa** » 11 bře 2017 17:46

Tak tady je fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017
Ran by jrejl (11-03-2017 15:08:18) Run:1
Running from C:\Users\jrejl\Desktop
Loaded Profiles: jrejl (Available Profiles: jrejl & marke & vitek & prejl)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2044700190-3483193868-2252024492-1003\User: Restriction <======= ATTENTION
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\jrejl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-2044700190-3483193868-2252024492-1003\User => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\jrejl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95306223 B
Java, Flash, Steam htmlcache => 41446923 B
Windows/system/drivers => 7707104 B
Edge => 942 B
Chrome => 215389032 B
Firefox => 6546821 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 5714 B
NetworkService => 0 B
jrejl => 6544411 B
marke => 3359049 B
vitek => 2871567 B
prejl => 2266407 B

RecycleBin => 1267 B
EmptyTemp: => 363.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:08:28 ====

Log Zoek se bohužel po nuceném restartu neukázal. Proto jsem tedy pustil Junkware, zde je log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64
Ran by jrejl (Administrator) on 11.03.2017 at 17:39:23,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2017 at 17:42:43,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11 Příspěvek od **Rudy** » 11 bře 2017 18:36

OK. Nastala nějaká změna?

Tlapa · #12 Příspěvek od **Tlapa** » 11 bře 2017 18:39

na první pokus o otevření nové záložky v chromu se otevřel nějaký query vyhledávač - takže ještě není vyhráno...

#13 Příspěvek od **Rudy** » 11 bře 2017 20:06

Zkuste ještě jednou ten Zoek. Je možné, že sken neproběhl korektně.

Tlapa · #14 Příspěvek od **Tlapa** » 11 bře 2017 20:08

Myslel jsem si to, udělám a dám vědět..

#15 Příspěvek od **Rudy** » 11 bře 2017 20:12

VIRY.CZ

Chrome otevírá náhodné stránky, vyhledávače

Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače

Re: Chrome otevírá náhodné stránky, vyhledávače