PC virus removal, computer speed-up, and remote assistance via the neslape.cz service

Prev / cannot update

#1 Post by Wenzl »

Hello, please check my log. It probably won't solve my problem, but I'd be grateful anyway. Thank you.

If anyone has any idea what to do about the non-working update, I'd also be very glad for any advice. The standard tools (fixit) did not help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by admin (administrator) on ACER (01-01-2016 12:04:11)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIME.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIME.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_20_0_0_267_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(forum.viry.cz) C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCNSTWT4\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5089480 2015-07-08] (ESET)
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIME.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIME.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A82F97FA-A522-4E5B-990C-DDE47EBF3DE5}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3&q={searchTerms}
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1304745929-116714445-2305486652-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1304745929-116714445-2305486652-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Tabulky Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1815800 2009-09-21] (AuthenTec, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5191680 2010-01-22] (ATI Technologies Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-14] (ESET)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [526392 2012-11-19] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-11-19] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 12:04 - 2016-01-01 12:04 - 00010036 _____ C:\Users\admin\Desktop\FRST.txt
2016-01-01 11:23 - 2016-01-01 12:04 - 00000000 ____D C:\FRST
2016-01-01 11:22 - 2016-01-01 11:22 - 01721856 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2015-12-30 18:39 - 2015-12-30 18:39 - 08886976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-12-27 09:11 - 2015-12-27 09:11 - 00000000 ____D C:\Windows\SoftwareDistribution.3
2015-12-26 20:09 - 2015-12-26 20:09 - 00003617 _____ C:\Users\admin\Downloads\Reset_Windows_Update_Full.bat
2015-12-26 20:02 - 2015-12-26 20:11 - 00000000 ____D C:\Windows\SoftwareDistribution.old2
2015-12-26 17:43 - 2015-12-26 17:43 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-26 17:43 - 2015-12-26 17:43 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-26 17:43 - 2015-12-26 17:43 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-12-26 17:43 - 2015-12-26 17:43 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-26 17:43 - 2015-12-26 17:43 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-12-26 17:43 - 2015-12-26 17:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-12-26 17:42 - 2015-12-26 17:42 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-12-26 17:42 - 2015-12-26 17:42 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-12-26 17:42 - 2015-12-26 17:42 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-12-26 17:42 - 2015-12-26 17:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-12-26 17:41 - 2015-12-26 17:41 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-12-26 17:38 - 2015-12-26 17:38 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-12-26 16:24 - 2015-12-26 16:24 - 00000000 ____D C:\Users\admin\AppData\Local\WindowsUpdate
2015-12-26 15:43 - 2015-12-26 15:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-26 15:43 - 2015-12-26 15:43 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-26 15:43 - 2015-12-26 15:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-26 14:19 - 2015-12-26 14:19 - 00000000 ____D C:\Program Files\Common Files\Intel Corporation
2015-12-26 14:17 - 2015-12-26 14:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\Intel Corporation
2015-12-26 14:14 - 2012-11-19 12:10 - 00526392 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-12-26 14:14 - 2012-11-19 12:10 - 00025656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2015-12-26 14:13 - 2015-12-26 14:14 - 12384248 _____ (Macrovision Corporation) C:\Users\admin\Downloads\iata_cd.exe
2015-12-26 13:25 - 2015-12-26 13:25 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2015-12-26 13:06 - 2015-12-26 13:06 - 02077392 _____ (Microsoft Corporation) C:\Users\admin\Downloads\IE11-Windows6.1 (1).exe
2015-12-26 13:05 - 2015-12-26 13:05 - 02077392 _____ (Microsoft Corporation) C:\Users\admin\Downloads\IE11-Windows6.1.exe
2015-12-26 12:57 - 2015-12-26 13:07 - 00000134 _____ C:\Users\admin\Desktop\Poradce při potížích s aplikací Internet Explorer.url
2015-12-26 12:06 - 2015-12-26 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-26 12:06 - 2015-12-26 12:06 - 00000000 ____D C:\ProgramData\ESET
2015-12-26 11:18 - 2015-12-26 11:18 - 00144104 _____ C:\Windows\Minidump\122615-16676-01.dmp
2015-12-23 09:26 - 2015-12-23 09:26 - 00000000 __SHD C:\found.000
2015-12-05 16:55 - 2015-12-05 16:55 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-01 11:48 - 2014-12-15 15:36 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-01 11:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-01-01 11:22 - 2015-07-16 10:03 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job
2016-01-01 11:10 - 2015-01-23 20:57 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-01 11:08 - 2015-05-19 10:43 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job
2016-01-01 11:08 - 2015-02-06 23:37 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job
2016-01-01 10:53 - 2011-04-12 02:37 - 00623698 _____ C:\Windows\system32\perfh005.dat
2016-01-01 10:53 - 2011-04-12 02:37 - 00119346 _____ C:\Windows\system32\perfc005.dat
2016-01-01 10:53 - 2010-11-20 22:01 - 01449156 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-01 10:53 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-01 10:51 - 2015-07-16 10:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job
2016-01-01 10:50 - 2014-12-15 15:36 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-31 00:45 - 2009-07-14 05:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-31 00:45 - 2009-07-14 05:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-30 18:39 - 2015-01-23 20:57 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-30 18:39 - 2015-01-23 20:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-27 09:23 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 09:07 - 2015-01-24 09:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\webssearches
2015-12-27 09:07 - 2014-12-15 16:10 - 00000000 ____D C:\Users\admin\AppData\Local\ESET
2015-12-26 19:54 - 2014-12-15 15:54 - 00000000 ____D C:\Program Files\Intel
2015-12-26 17:47 - 2009-07-14 05:33 - 00293352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-26 17:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-26 15:43 - 2014-12-15 15:37 - 00000000 ____D C:\ProgramData\Adobe
2015-12-26 15:43 - 2014-12-15 15:37 - 00000000 ____D C:\Program Files\Adobe
2015-12-26 11:18 - 2015-03-30 09:17 - 243495696 _____ C:\Windows\MEMORY.DMP
2015-12-26 11:18 - 2015-03-30 09:17 - 00000000 ____D C:\Windows\Minidump
2015-12-24 16:34 - 2015-11-07 16:39 - 00657014 _____ C:\Windows\ntbtlog.txt
2015-12-23 09:29 - 2014-12-15 15:36 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\InstHelper.exe
C:\Users\admin\AppData\Local\Temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-23 09:57

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:435.95 GB) NTFS

Available physical RAM: 1331.21 MB
Total physical RAM: 3066.93 MB
Percentage of memory in use: 56%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BB47D34)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\admin\Desktop" je 130 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(4.93 KiB) Downloaded 97 times

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Prev / cannot update

#2 Post by Márty84 »

Hello :)

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (otherwise it will be here: C:\AdwCleaner\AdwCleaner[C?].txt). Copy it here for me.

:arrow: Run a scan with MBAM. Set up the scan according to this guide (that is, a Custom scan (Vlastní sken) of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Do not delete anything beforehand; it sometimes has false detections.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For lack of time I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#3 Post by Wenzl »

# AdwCleaner v5.027 - Logfile created 02/01/2016 at 09:01:52
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : admin - ACER
# Running from : C:\Users\admin\Desktop\adwcleaner_5.027.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files\Smart Driver Updater
Folder Found : C:\Program Files\XTab
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater
Folder Found : C:\Users\admin\AppData\Roaming\Smart Driver Updater
Folder Found : C:\Users\admin\AppData\Roaming\webssearches

***** [ Files ] *****

File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
File Found : C:\Users\admin\Desktop\Smart Driver Updater.lnk

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Smart Driver Updater
Key Found : HKLM\SOFTWARE\webssearchesSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3&q={searchTerms}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1422087984&from=cvs&uid=WDCXWD5000LPVX-00V0TT0_WD-WX81A841RZZ31RZZ3

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2608 bytes] ##########






Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 2.1.2016
Čas skenování: 8:40
Protokol: adwcleaner.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.01.02.02
Databáze rootkitů: v2015.12.26.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: admin

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 281178
Uplynulý čas: 6 min, 19 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
PUP.Optional.WebSearch, HKLM\SOFTWARE\webssearchesSoftware, , [efeba49082171a1c7786cd062ad9a858],
PUP.Optional.WebSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [607ad064d8c15ed8c5365f744cb7e51b],
PUP.Optional.WebSearch, HKU\S-1-5-21-1304745929-116714445-2305486652-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [11c9ff3590099d99cf2b864dc43f9d63],

Hodnoty registru: 2
PUP.Optional.WebSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://istart.webssearches.com/web/?typ ... earchTerms}, , [607ad064d8c15ed8c5365f744cb7e51b]
PUP.Optional.WebSearch, HKU\S-1-5-21-1304745929-116714445-2305486652-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://istart.webssearches.com/web/?typ ... earchTerms}, , [11c9ff3590099d99cf2b864dc43f9d63]

Data registru: 5
PUP.Optional.WebSearch, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc ... 1RZZ31RZZ3, Dobré: (iexplore.exe), Špatné: (C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc ... 1RZZ31RZZ3),,[21b993a16138181e91b0e8b62dd7e61a]
PUP.Optional.WebSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?typ ... earchTerms}, Dobré: (www.google.com), Špatné: (http://istart.webssearches.com/web/?typ ... earchTerms}),,[0ccec56f8d0c7eb8ae68c2da976d02fe]
PUP.Optional.WebSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://istart.webssearches.com/web/?typ ... earchTerms}, Dobré: (www.google.com), Špatné: (http://istart.webssearches.com/web/?typ ... earchTerms}),,[76644fe5f2a7979f44d2297331d37090]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[fbdffd374b4e6ec8ad37debcef15b947]
PUP.Optional.WebSearch, HKU\S-1-5-21-1304745929-116714445-2305486652-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... 1RZZ31RZZ3, Dobré: (www.google.com), Špatné: (http://istart.webssearches.com/?type=hp ... 1RZZ31RZZ3),,[d1092311980160d6ce442b71d23207f9]

Složky: 2
PUP.Optional.WebSearch, C:\Users\admin\AppData\Roaming\webssearches, , [934711233960a0966fb6cee5877bd828],
PUP.Optional.WebSearch, C:\Users\admin\AppData\Roaming\webssearches\log, , [934711233960a0966fb6cee5877bd828],

Soubory: 2
PUP.Optional.XTabs, C:\Users\admin\AppData\Local\Temp\~dl387B\~dljyb\tmp\STab_Down_6.0.6.6.exe, , [9d3d1c18dbbe38fe92498732ea1a14ec],
PUP.Optional.WebSearch, C:\Users\admin\AppData\Roaming\webssearches\log\UninstallManager_2015-01-24[13-06-32-132].log, , [934711233960a0966fb6cee5877bd828],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Prev / cannot update

#4 Post by Márty84 »

:arrow: Have MBAM remove all of its findings. After the removal and a restart of the PC, repeat the MBAM scan (but this time really with the correct settings - this was only a Threat scan (Sken hrozeb), which does not check the whole computer; I wanted a Custom scan (Vlastní sken)), so that we know whether it comes back. Post the result of the scan and I will choose the next steps based on it.


:arrow: The AdwCleaner log is only from after the scan; I wanted the one from after the findings were removed. So I hope you had them deleted.

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#5 Post by Wenzl »

I apologize for the previous post; hopefully I have done it right this time.

# AdwCleaner v5.027 - Logfile created 02/01/2016 at 11:13:42
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : admin - ACER
# Running from : C:\Users\admin\Desktop\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Smart Driver Updater
[-] Folder Deleted : C:\Program Files\XTab
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater
[-] Folder Deleted : C:\Users\admin\AppData\Roaming\Smart Driver Updater

***** [ Files ] *****

[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
[-] File Deleted : C:\Users\admin\Desktop\Smart Driver Updater.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Smart Driver Updater
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1441 bytes] ##########





Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 2.1.2016
Čas skenování: 9:44
Protokol: mam2.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.01.02.03
Databáze rootkitů: v2015.12.26.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: admin

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 348528
Uplynulý čas: 51 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Prev / cannot update

#6 Post by Márty84 »

:arrow: Uninstall MBAM.

:!: If you have not done so, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
When the scan finishes (the PC may also restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine.

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#7 Post by Wenzl »

ComboFix 16-01-01.01 - admin 02.01.2016 14:08:14.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3067.1644 [GMT 1:00]
Spuštěný z: c:\users\admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET7F21.tmp
c:\windows\system32\SET8319.tmp
c:\windows\system32\SET94E8.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-02 do 2016-01-02 )))))))))))))))))))))))))))))))
.
.
2016-01-02 08:01 . 2016-01-02 10:13 -------- d-----w- C:\AdwCleaner
2016-01-02 07:39 . 2016-01-02 07:39 -------- d-----w- c:\programdata\Malwarebytes
2016-01-01 10:23 . 2016-01-01 11:04 -------- d-----w- C:\FRST
2015-12-26 16:42 . 2015-12-26 16:42 69632 ----a-w- c:\windows\system32\smss.exe
2015-12-26 16:42 . 2015-12-26 16:42 640512 ----a-w- c:\windows\system32\advapi32.dll
2015-12-26 16:42 . 2015-12-26 16:42 619520 ----a-w- c:\windows\system32\tdh.dll
2015-12-26 16:42 . 2015-12-26 16:42 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-26 16:42 . 2015-12-26 16:42 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-26 16:42 . 2015-12-26 16:42 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-12-26 16:42 . 2015-12-26 16:42 1289096 ----a-w- c:\windows\system32\ntdll.dll
2015-12-26 16:42 . 2015-12-26 16:42 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-12-26 16:42 . 2015-12-26 16:42 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2015-12-26 16:42 . 2015-12-26 16:42 231424 ----a-w- c:\windows\system32\mswsock.dll
2015-12-26 16:42 . 2015-12-26 16:42 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2015-12-26 16:42 . 2015-12-26 16:42 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-12-26 16:42 . 2015-12-26 16:42 49152 ----a-w- c:\windows\system32\taskhost.exe
2015-12-26 16:40 . 2015-12-26 16:40 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-12-26 16:38 . 2015-12-26 16:38 1505280 ----a-w- c:\windows\system32\d3d11.dll
2015-12-26 15:24 . 2015-12-26 15:24 -------- d-----w- c:\users\admin\AppData\Local\WindowsUpdate
2015-12-26 14:43 . 2015-12-26 14:43 -------- d-----w- c:\program files\Common Files\Adobe
2015-12-26 13:19 . 2015-12-26 13:19 -------- d-----w- c:\program files\Common Files\Intel Corporation
2015-12-26 13:17 . 2015-12-26 13:17 -------- d-----w- c:\users\admin\AppData\Roaming\Intel Corporation
2015-12-26 13:14 . 2012-11-19 11:10 526392 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2015-12-26 13:14 . 2012-11-19 11:10 25656 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2015-12-26 12:25 . 2015-12-26 12:25 -------- d-----w- c:\users\admin\AppData\Local\ElevatedDiagnostics
2015-12-23 08:26 . 2015-12-23 08:26 -------- d-----w- C:\found.000
2015-12-05 15:55 . 2015-12-05 15:55 -------- d-----w- c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-02 10:10 . 2015-01-23 19:57 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-01-02 10:10 . 2015-01-23 19:57 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIIME.EXE" [2012-02-29 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-07-08 5089480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-04 11:43 55357464 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-12-26 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 526392]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 25656]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-07-14 202704]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-07-14 144536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 172032]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-09-21 1815800]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2015-07-08 1353720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2015-07-14 132152]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-23 08:29 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23 10:10]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2016-01-02 14:17:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-02 13:17
.
Před spuštěním: Volných bajtů: 467 698 536 448
Po spuštění: Volných bajtů: 467 477 413 888
.
- - End Of File - - E8CBF0D5652FFBBC85D92B4CC21B3CD1
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Prev / cannot update

#8 Post by Márty84 »

:arrow: Open Notepad and copy this script into it

Code:

KillAll::

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job

Folder::
c:\programdata\Malwarebytes

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Driver::
MBAMSwissArmy
SkypeUpdate

Reboot::

At the top left, click File.
Click Save As...
Type the name shown in red, CFScript, correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and release it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, just restart the PC and it will be fine.

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#9 Post by Wenzl »

Done.

ComboFix 16-01-01.01 - admin 02.01.2016 18:47:44.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3067.2483 [GMT 1:00]
Spuštěný z: c:\users\admin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Malwarebytes
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Configuration\gatekeeper.conf
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Configuration\license.conf
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Configuration\notifications.conf
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Configuration\settings.conf
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Configuration\scheduler.conf
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Configuration\statistics.conf
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\exclusions.dat
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2016-01-02 (08-40-53).xml
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2016-01-02 (09-29-54).xml
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-2016-01-02 (09-44-43).xml
c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\Logs\protection-log-2016-01-02.xml
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MBAMSWISSARMY
-------\Service_MBAMSwissArmy
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-02 do 2016-01-02 )))))))))))))))))))))))))))))))
.
.
2016-01-02 17:53 . 2016-01-02 17:54 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-01-02 17:53 . 2016-01-02 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-02 17:46 . 2016-01-02 17:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B760D923-8BBF-4627-AA05-395EC5B2BC1C}\offreg.dll
2016-01-02 08:01 . 2016-01-02 10:13 -------- d-----w- C:\AdwCleaner
2016-01-01 10:23 . 2016-01-01 11:04 -------- d-----w- C:\FRST
2015-12-26 16:42 . 2015-12-26 16:42 69632 ----a-w- c:\windows\system32\smss.exe
2015-12-26 16:42 . 2015-12-26 16:42 640512 ----a-w- c:\windows\system32\advapi32.dll
2015-12-26 16:42 . 2015-12-26 16:42 619520 ----a-w- c:\windows\system32\tdh.dll
2015-12-26 16:42 . 2015-12-26 16:42 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-26 16:42 . 2015-12-26 16:42 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-26 16:42 . 2015-12-26 16:42 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-12-26 16:42 . 2015-12-26 16:42 1289096 ----a-w- c:\windows\system32\ntdll.dll
2015-12-26 16:42 . 2015-12-26 16:42 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-12-26 16:42 . 2015-12-26 16:42 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2015-12-26 16:42 . 2015-12-26 16:42 231424 ----a-w- c:\windows\system32\mswsock.dll
2015-12-26 16:42 . 2015-12-26 16:42 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2015-12-26 16:42 . 2015-12-26 16:42 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-12-26 16:42 . 2015-12-26 16:42 49152 ----a-w- c:\windows\system32\taskhost.exe
2015-12-26 16:40 . 2015-12-26 16:40 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-12-26 16:38 . 2015-12-26 16:38 1505280 ----a-w- c:\windows\system32\d3d11.dll
2015-12-26 15:24 . 2015-12-26 15:24 -------- d-----w- c:\users\admin\AppData\Local\WindowsUpdate
2015-12-26 14:43 . 2015-12-26 14:43 -------- d-----w- c:\program files\Common Files\Adobe
2015-12-26 13:19 . 2015-12-26 13:19 -------- d-----w- c:\program files\Common Files\Intel Corporation
2015-12-26 13:17 . 2015-12-26 13:17 -------- d-----w- c:\users\admin\AppData\Roaming\Intel Corporation
2015-12-26 13:14 . 2012-11-19 11:10 526392 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2015-12-26 13:14 . 2012-11-19 11:10 25656 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2015-12-26 12:25 . 2015-12-26 12:25 -------- d-----w- c:\users\admin\AppData\Local\ElevatedDiagnostics
2015-12-23 08:26 . 2015-12-23 08:26 -------- d-----w- C:\found.000
2015-12-05 15:55 . 2015-12-05 15:55 -------- d-----w- c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-02 10:10 . 2015-01-23 19:57 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-01-02 10:10 . 2015-01-23 19:57 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIIME.EXE" [2012-02-29 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2015-07-08 5089480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-12-26 102912]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 526392]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 25656]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-07-14 202704]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-07-14 144536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 172032]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-09-21 1815800]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2015-07-08 1353720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2015-07-14 132152]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-23 08:29 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23 10:10]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-15 10:18]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2016-01-02 18:56:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-02 17:56
ComboFix2.txt 2016-01-02 13:17
.
Před spuštěním: Volných bajtů: 467 078 631 424
Po spuštění: Volných bajtů: 467 027 304 448
.
- - End Of File - - 01A0E617EA0BF5DCFFD43004336F9261
A36C5E4F47E84449FF07ED3517B43A31

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Prev / cannot update

#10 Post by Márty84 »

:arrow: Download CrystalDiskInfo http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Run it as administrator. The result will appear after a moment.
At the top, click Úpravy (Edit) and then Kopírovat (Copy). Paste what gets copied (it is stored in memory) here (Ctrl + V).


:arrow: Post a new FRST log.

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#11 Post by Wenzl »

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x86)
Date : 2016/01/02 22:17:15

-- Controller Map ----------------------------------------------------------
+ Standardní řadič AHCI 1.0 s rozhraním Serial ATA [ATA]
+ ATA Channel 0 (0)
- WDC WD5000LPVX-00V0TT0 ATA Device
+ ATA Channel 1 (1)
- HL-DT-ST DVDRAM GU10N ATA Device
- ATA Channel 4 (4)
- ATA Channel 5 (5)

-- Disk List ---------------------------------------------------------------
(1) WDC WD5000LPVX-00V0TT0 : 500,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) WDC WD5000LPVX-00V0TT0
----------------------------------------------------------------------------
Model : WDC WD5000LPVX-00V0TT0
Firmware : 01.01A01
Serial Number : WD-WX81A841RZZ3
Disk Size : 500,1 GB (8,4/137,4/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ----
Transfer Mode : SATA/600
Power On Hours : 302 hod.
Power On Count : 419 krát
Temparature : 27 C (80 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 00000000005D Počet chyb čtení
03 151 144 _21 000000000599 Čas na roztočení ploten
04 100 100 __0 0000000001A6 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 199 __0 000000000000 Počet chybných hledání
09 100 100 __0 00000000012E Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C 100 100 __0 0000000001A3 Počet cyklů zapnutí zařízení
C0 200 200 __0 00000000000C Počet vypnutí disku
C1 199 199 __0 0000000010C9 Počet cyklů načítání/vymazání
C2 116 _95 __0 00000000001B Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 100 253 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#12 Post by Wenzl »

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by admin (2016-01-02 22:19:41)
Running from C:\Users\admin\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2014-12-15 14:33:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-1304745929-116714445-2305486652-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1304745929-116714445-2305486652-500 - Administrator - Disabled)
Guest (S-1-5-21-1304745929-116714445-2305486652-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{D2AB6631-A754-5BF3-4DA5-BDC13465019F}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
AuthenTec Fingerprint Software (HKLM\...\{83F136F0-2AE5-420C-A0B6-A440AD42591C}) (Version: 8.5.4.28 - AuthenTec, Inc.)
ccc-core-static (Version: 2010.0122.858.16002 - Název společnosti:) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
EPSON XP-202 203 206 Series Printer Uninstall (HKLM\...\EPSON XP-202 203 206 Series) (Version: - SEIKO EPSON Corporation)
ESET NOD32 Antivirus (HKLM\...\{6CDA4EB5-B6C5-4A81-89C2-4F210DCC7A2D}) (Version: 8.0.319.1 - ESET, spol s r. o.)
Google Chrome (HKLM\...\{C3FF5ACB-174A-3E07-AE2A-62063FBCC9B1}) (Version: 47.0.2526.106 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.9.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM\...\{C560D6E7-E40A-435D-8B71-62CBCF1701B2}) (Version: 4.11.9775 - Apache Software Foundation)
PhotoFiltre 7 (HKU\S-1-5-21-1304745929-116714445-2305486652-1000\...\PhotoFiltre 7) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Skype™ 7.10 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01063816-AA2A-4B48-B37B-CC6C7F535305} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {071FEB4E-FA40-43C3-B492-706402371E50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {172DFA9B-5B69-4A51-B291-414987F256BD} - System32\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {359CFF69-D7A7-42AF-9AFD-883888A13EBF} - System32\Tasks\{C98180D3-18F0-4065-A002-A72F2BBD1E95} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION
Task: {403A2C48-752A-4ABD-8C00-53CA6A7014A0} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4B706E0F-30D7-4EC3-8985-0DA72C1F1475} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {7D5BC47D-104B-4458-87D7-B9EE1AD45167} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-12] ()
Task: {A7AB6C35-3DB8-4B98-B2AF-23EFCD46953C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {C5955293-A4BE-4349-94F4-E9BB3ACBBE21} - System32\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {DDDD749D-E238-4C67-A80A-D923FB3D231F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-03-26 10:41 - 2010-03-26 10:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-12-15 15:58 - 2014-12-15 15:58 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-01-02 18:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1304745929-116714445-2305486652-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D27B0388-BA7B-4B1F-94B3-206958B36E46}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{960394C2-5581-415C-8BC5-3D86D808B940}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-09-2015 15:16:03 Naplánovaný kontrolní bod
03-10-2015 12:43:46 Naplánovaný kontrolní bod
10-10-2015 22:33:36 Naplánovaný kontrolní bod
23-12-2015 10:39:02 Naplánovaný kontrolní bod
26-12-2015 12:05:58 Nainstalováno: ESET NOD32 Antivirus
26-12-2015 12:57:20 Instalační služba modulů systému Windows
26-12-2015 13:03:53 Instalační služba modulů systému Windows
26-12-2015 13:06:13 Instalační služba modulů systému Windows
26-12-2015 13:07:07 Instalační služba modulů systému Windows
26-12-2015 13:31:48 Installed Microsoft Fix it 50123
26-12-2015 13:32:52 Installed Microsoft Fix it 50123
26-12-2015 16:10:16 Installed Microsoft Fix it 50123
26-12-2015 17:35:05 Installed Microsoft Fix it 50123
26-12-2015 17:38:33 Instalační služba modulů systému Windows
26-12-2015 20:16:10 Instalační služba modulů systému Windows
02-01-2016 14:06:30 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: Adaptér miniportu Microsoft Virtual WiFi
Description: Adaptér miniportu Microsoft Virtual WiFi
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2016 09:22:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 09:02:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 06:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 04:29:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 02:16:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 12:34:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 11:16:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 11:06:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 09:42:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2016 09:30:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/02/2016 09:21:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/02/2016 09:01:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/02/2016 06:55:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/02/2016 06:54:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:52:57, ‎2.‎1.‎2016) bylo neočekávané.

Error: (01/02/2016 06:50:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/02/2016 06:47:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/02/2016 04:28:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/02/2016 04:27:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:01:00, ‎2.‎1.‎2016) bylo neočekávané.

Error: (01/02/2016 02:16:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (01/02/2016 02:15:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (14:13:56, ‎2.‎1.‎2016) bylo neočekávané.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 3066.93 MB
Available physical RAM: 1019.4 MB
Total Virtual: 6132.14 MB
Available Virtual: 3913.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:434.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2BB47D34)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#13 Post by Wenzl »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by admin (administrator) on ACER (02-01-2016 22:19:04)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIME.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_20_0_0_270_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5089480 2015-07-08] (ESET)
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIIME.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A82F97FA-A522-4E5B-990C-DDE47EBF3DE5}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1304745929-116714445-2305486652-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-15]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Tabulky Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1815800 2009-09-21] (AuthenTec, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5191680 2010-01-22] (ATI Technologies Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [132152 2015-07-14] (ESET)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [526392 2012-11-19] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-11-19] (Intel Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 22:19 - 2016-01-02 22:19 - 00008661 _____ C:\Users\admin\Desktop\FRST.txt
2016-01-02 22:15 - 2016-01-02 22:16 - 00000000 ____D C:\Users\admin\Desktop\CrystalDiskInfo5_0_0
2016-01-02 22:15 - 2016-01-02 22:15 - 01721856 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2016-01-02 22:13 - 2016-01-02 22:13 - 01496172 _____ C:\Users\admin\Desktop\CrystalDiskInfo5_0_0.zip
2016-01-02 21:05 - 2016-01-02 21:05 - 00000000 ____D C:\Dir2Text
2016-01-02 21:04 - 2016-01-02 21:04 - 00273408 _____ C:\Users\admin\Desktop\Dir2text.EXE
2016-01-02 14:06 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-02 14:06 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-02 14:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-02 14:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-02 14:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-02 14:06 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-02 14:06 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-02 14:06 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-02 14:04 - 2016-01-02 18:57 - 00000000 ____D C:\Qoobox
2016-01-02 14:04 - 2016-01-02 18:53 - 00000000 ____D C:\Windows\erdnt
2016-01-02 12:36 - 2016-01-02 12:36 - 05643309 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2016-01-02 09:01 - 2016-01-02 11:13 - 00000000 ____D C:\AdwCleaner
2016-01-02 08:37 - 2016-01-02 08:37 - 22908888 _____ (Malwarebytes ) C:\Users\admin\Desktop\mbam-setup-2.2.0.1024.exe
2016-01-02 08:33 - 2016-01-02 08:33 - 01745920 _____ C:\Users\admin\Desktop\adwcleaner_5.027.exe
2016-01-01 12:13 - 2016-01-01 12:13 - 00005046 _____ C:\Users\admin\Desktop\Addition.zip
2016-01-01 11:23 - 2016-01-02 22:19 - 00000000 ____D C:\FRST
2015-12-27 09:11 - 2015-12-27 09:11 - 00000000 ____D C:\Windows\SoftwareDistribution.3
2015-12-26 20:09 - 2015-12-26 20:09 - 00003617 _____ C:\Users\admin\Downloads\Reset_Windows_Update_Full.bat
2015-12-26 20:02 - 2015-12-26 20:11 - 00000000 ____D C:\Windows\SoftwareDistribution.old2
2015-12-26 17:43 - 2015-12-26 17:43 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-26 17:43 - 2015-12-26 17:43 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-26 17:43 - 2015-12-26 17:43 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-12-26 17:43 - 2015-12-26 17:43 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-26 17:43 - 2015-12-26 17:43 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-12-26 17:43 - 2015-12-26 17:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-12-26 17:43 - 2015-12-26 17:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-26 17:43 - 2015-12-26 17:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-12-26 17:42 - 2015-12-26 17:42 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-12-26 17:42 - 2015-12-26 17:42 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-12-26 17:42 - 2015-12-26 17:42 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-12-26 17:42 - 2015-12-26 17:42 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-12-26 17:42 - 2015-12-26 17:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-12-26 17:42 - 2015-12-26 17:42 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-12-26 17:41 - 2015-12-26 17:41 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-12-26 17:41 - 2015-12-26 17:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-12-26 17:40 - 2015-12-26 17:40 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-12-26 17:38 - 2015-12-26 17:38 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-12-26 16:24 - 2015-12-26 16:24 - 00000000 ____D C:\Users\admin\AppData\Local\WindowsUpdate
2015-12-26 15:43 - 2015-12-26 15:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-26 15:43 - 2015-12-26 15:43 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-26 15:43 - 2015-12-26 15:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-26 14:19 - 2015-12-26 14:19 - 00000000 ____D C:\Program Files\Common Files\Intel Corporation
2015-12-26 14:17 - 2015-12-26 14:17 - 00000000 ____D C:\Users\admin\AppData\Roaming\Intel Corporation
2015-12-26 14:14 - 2012-11-19 12:10 - 00526392 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-12-26 14:14 - 2012-11-19 12:10 - 00025656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2015-12-26 14:13 - 2015-12-26 14:14 - 12384248 _____ (Macrovision Corporation) C:\Users\admin\Downloads\iata_cd.exe
2015-12-26 13:25 - 2015-12-26 13:25 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2015-12-26 13:06 - 2015-12-26 13:06 - 02077392 _____ (Microsoft Corporation) C:\Users\admin\Downloads\IE11-Windows6.1 (1).exe
2015-12-26 13:05 - 2015-12-26 13:05 - 02077392 _____ (Microsoft Corporation) C:\Users\admin\Downloads\IE11-Windows6.1.exe
2015-12-26 12:06 - 2015-12-26 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-26 12:06 - 2015-12-26 12:06 - 00000000 ____D C:\ProgramData\ESET
2015-12-26 11:18 - 2015-12-26 11:18 - 00144104 _____ C:\Windows\Minidump\122615-16676-01.dmp
2015-12-23 09:26 - 2015-12-23 09:26 - 00000000 ____D C:\found.000
2015-12-05 16:55 - 2015-12-05 16:55 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 22:12 - 2015-05-19 10:43 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job
2016-01-02 22:12 - 2015-01-23 20:57 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-02 22:12 - 2014-12-15 15:36 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-02 21:27 - 2009-07-14 05:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-02 21:27 - 2009-07-14 05:34 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-02 21:24 - 2011-04-12 02:37 - 00623698 _____ C:\Windows\system32\perfh005.dat
2016-01-02 21:24 - 2011-04-12 02:37 - 00119346 _____ C:\Windows\system32\perfc005.dat
2016-01-02 21:24 - 2010-11-20 22:01 - 01449156 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-02 21:24 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-01-02 21:22 - 2015-07-16 10:03 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job
2016-01-02 21:20 - 2015-07-16 10:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job
2016-01-02 21:20 - 2015-02-06 23:37 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job
2016-01-02 21:20 - 2014-12-15 15:36 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-02 21:20 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-02 21:14 - 2014-12-15 15:33 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2016-01-02 18:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-01-02 18:54 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-01-02 18:53 - 2009-07-14 03:03 - 29835264 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-02 18:53 - 2009-07-14 03:03 - 16515072 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-02 18:53 - 2009-07-14 03:03 - 00245760 _____ C:\Windows\system32\config\DEFAULT.bak
2016-01-02 18:53 - 2009-07-14 03:03 - 00061440 _____ C:\Windows\system32\config\SAM.bak
2016-01-02 18:53 - 2009-07-14 03:03 - 00024576 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-02 11:10 - 2015-01-23 20:57 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-02 11:10 - 2015-01-23 20:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-02 09:40 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\addins
2015-12-27 09:07 - 2014-12-15 16:10 - 00000000 ____D C:\Users\admin\AppData\Local\ESET
2015-12-26 19:54 - 2014-12-15 15:54 - 00000000 ____D C:\Program Files\Intel
2015-12-26 17:47 - 2009-07-14 05:33 - 00293352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-26 17:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-26 15:43 - 2014-12-15 15:37 - 00000000 ____D C:\ProgramData\Adobe
2015-12-26 15:43 - 2014-12-15 15:37 - 00000000 ____D C:\Program Files\Adobe
2015-12-26 11:18 - 2015-03-30 09:17 - 243495696 _____ C:\Windows\MEMORY.DMP
2015-12-26 11:18 - 2015-03-30 09:17 - 00000000 ____D C:\Windows\Minidump
2015-12-24 16:34 - 2015-11-07 16:39 - 00657014 _____ C:\Windows\ntbtlog.txt
2015-12-23 09:29 - 2014-12-15 15:36 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-23 09:57

==================== End of FRST.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Prev / cannot update

#14 Post by Márty84 »

Permanently disable Windows Defender.

Open Notepad and copy this script into it:

Code: Select all

Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1304745929-116714445-2305486652-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Toolbar: HKU\S-1-5-21-1304745929-116714445-2305486652-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2016-01-02 08:37 - 2016-01-02 08:37 - 22908888 _____ (Malwarebytes ) C:\Users\admin\Desktop\mbam-setup-2.2.0.1024.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0425d8182117a.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bfa646778a3f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d092183aff7305.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bfa646abe885.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {359CFF69-D7A7-42AF-9AFD-883888A13EBF} - System32\Tasks\{C98180D3-18F0-4065-A002-A72F2BBD1E95} => pcalua.exe -a C:\Users\admin\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, correctly and save the file to the desktop.
Disable your antivirus and any other security software.
Run FRST as administrator and click Fix; the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: Prev / cannot update

#15 Post by Wenzl »

I have to postpone the next repair by at least 2 weeks. In any case, thank you very much for the help so far.

Locked