
Windows opening on the internet

Posted: 22 Feb 2016 18:41
by j819
Please check my computer.

While browsing the internet, new windows with ads or a game start opening, and the internet is slow.

Thanks in advance :)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Vlastnik (administrator) on PC (22-02-2016 18:37:05)
Running from C:\Users\Vlastnik\Desktop
Loaded Profiles: Vlastnik (Available Profiles: Vlastnik)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Users\Vlastnik\AppData\Roaming\Seznam Browser\Seznam.cz.exe" -surl="%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Akamai Technologies, Inc.) C:\Users\Vlastnik\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Vlastnik\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(forum.viry.cz) C:\Users\Vlastnik\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-10-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-03] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7682368 2014-04-28] (OrdinarySoft)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Vlastnik\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: G - "G:\noautorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: H - "H:\autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {26f8baa0-3148-11e5-8284-0023541a9327} - "J:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {49faa4f7-2b1c-11e5-827d-0023541a9327} - "I:\Autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {bd643153-24b2-11e5-826e-0023541a9327} - "H:\autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {bd643195-24b2-11e5-826e-0023541a9327} - "G:\noautorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {d8db889b-8326-11e5-830c-0023541a9327} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {e9d86e7b-2a24-11e5-827c-0023541a9327} - "I:\SISetup.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {fbbcff9c-18df-11e5-8254-0023541a9327} - "P:\Autorun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
BootExecute: autocheck autochk * aswBoot.exe /M:15b15c78 /wow /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{593D310F-245A-4E7A-B655-8083CB7DDD3E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-16] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Vlastnik\AppData\Roaming\Mozilla\Firefox\Profiles\31pz98yp.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2015-07-06] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"WinDivert1.1" => service could not be unlocked. <===== ATTENTION

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-10-28] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-10-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-10-28] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-03] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-07-15] ()
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-07-15] ()
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-10-28] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47760 2015-11-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-10-28] (NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S5 WinDivert1.1; <===== ATTENTION: Locked Service
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 18:37 - 2016-02-22 18:37 - 00014228 _____ C:\Users\Vlastnik\Desktop\FRST.txt
2016-02-22 18:36 - 2016-02-22 18:37 - 00000000 ____D C:\FRST
2016-02-22 18:36 - 2016-02-22 18:36 - 00112640 _____ (forum.viry.cz) C:\Users\Vlastnik\Desktop\FRSTLauncher.exe
2016-02-22 18:16 - 2016-02-22 18:16 - 00112640 _____ (forum.viry.cz) C:\Users\Vlastnik\Downloads\FRSTLauncher.exe.part
2016-02-22 18:14 - 2016-02-22 18:12 - 02371072 _____ (Farbar) C:\Users\Vlastnik\Desktop\FRST64.exe
2016-02-22 18:11 - 2016-02-22 18:12 - 02371072 _____ (Farbar) C:\Users\Vlastnik\Downloads\FRST64.exe
2016-02-22 17:02 - 2016-02-22 17:11 - 00000000 ____D C:\AdwCleaner
2016-02-22 17:02 - 2016-02-22 17:02 - 01511936 _____ C:\Users\Vlastnik\Downloads\adwcleaner_5.036.exe
2016-02-21 21:44 - 2016-02-22 05:03 - 00000000 ____D C:\Users\Vlastnik\AppData\Local\Mozilla
2016-02-21 21:44 - 2016-02-21 21:44 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-21 21:44 - 2016-02-21 21:44 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-21 21:44 - 2016-02-21 21:44 - 00000000 ____D C:\Users\Vlastnik\AppData\Roaming\Mozilla
2016-02-21 19:31 - 2016-02-21 19:31 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-21 19:31 - 2016-02-21 19:31 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-21 19:31 - 2016-02-21 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-21 19:31 - 2016-02-21 19:31 - 00000000 ____D C:\Program Files\CCleaner
2016-02-20 17:44 - 2016-02-20 17:44 - 00003734 _____ C:\Windows\System32\Tasks\{ABB45ECA-CCD1-8B19-D936-8D083D051F17}
2016-02-20 17:44 - 2016-02-20 17:44 - 00000000 ____D C:\ProgramData\85204114
2016-02-14 10:49 - 2016-02-14 10:49 - 00262144 ____H C:\Windows\DUMP7708.DMP
2016-02-13 08:44 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-13 08:44 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-13 08:44 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-13 08:44 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-13 08:44 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-13 08:44 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-13 08:44 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-13 08:44 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 16:46 - 2016-01-22 09:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 16:46 - 2016-01-22 08:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 16:46 - 2016-01-22 06:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-10 16:46 - 2016-01-22 06:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-10 16:46 - 2016-01-22 06:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 16:46 - 2016-01-22 05:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 16:46 - 2016-01-15 02:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 16:46 - 2016-01-14 21:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 16:46 - 2016-01-14 21:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 16:46 - 2016-01-14 21:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 16:46 - 2016-01-14 21:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 16:46 - 2016-01-14 21:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 16:46 - 2016-01-14 21:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 16:46 - 2016-01-10 20:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 16:46 - 2016-01-10 19:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 16:46 - 2016-01-10 19:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 16:46 - 2016-01-10 19:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 16:46 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-10 16:46 - 2016-01-10 18:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-02-10 16:46 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 16:46 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 16:46 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-10 16:46 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 16:46 - 2016-01-10 18:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 16:46 - 2016-01-10 18:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-02-10 16:46 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 16:46 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 16:46 - 2016-01-10 17:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-02-10 16:46 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 16:46 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 16:46 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 16:46 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 16:46 - 2016-01-07 19:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 16:46 - 2015-12-29 16:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 16:46 - 2015-12-29 16:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-02-10 16:46 - 2015-12-29 16:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-02-10 16:46 - 2015-12-29 16:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 16:45 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 16:45 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 16:45 - 2016-01-22 07:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 16:45 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 16:45 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 16:45 - 2016-01-22 06:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-02-10 16:45 - 2016-01-22 06:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 16:45 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 16:45 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 16:45 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 16:45 - 2016-01-22 06:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 16:45 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 16:45 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 16:45 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 16:45 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 16:45 - 2016-01-22 06:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-02-10 16:45 - 2016-01-22 06:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-10 16:45 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 16:45 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 16:45 - 2016-01-22 06:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 16:45 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 16:45 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 16:45 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 16:45 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 16:45 - 2016-01-19 20:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 16:45 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 16:45 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 16:45 - 2016-01-19 20:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 16:45 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 16:45 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 16:45 - 2016-01-19 19:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 16:45 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 16:45 - 2016-01-19 19:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 16:45 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 16:45 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-02-10 16:45 - 2016-01-10 20:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 16:45 - 2016-01-10 17:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 16:45 - 2016-01-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 16:45 - 2016-01-10 17:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 16:45 - 2016-01-10 17:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-10 16:45 - 2016-01-10 17:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 16:45 - 2016-01-10 17:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 16:45 - 2016-01-10 17:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 16:45 - 2016-01-10 17:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 16:45 - 2016-01-10 17:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 16:45 - 2016-01-10 17:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 16:45 - 2016-01-10 17:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 16:45 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 16:45 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
2016-02-10 16:45 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
2016-02-10 16:45 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 16:45 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-07 17:30 - 2016-02-07 17:30 - 00280115 _____ C:\Users\Vlastnik\Downloads\Faktura vydaná-1209003101.pdf
2016-02-06 16:32 - 2016-02-06 12:40 - 12306444 ____N C:\Users\Vlastnik\Desktop\VIDEO0008.mp4
2016-01-26 20:46 - 2016-01-26 20:46 - 01044992 _____ C:\Users\Vlastnik\Downloads\hodnoceni_.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 18:34 - 2015-11-10 20:09 - 00159744 ___SH C:\Users\Vlastnik\Desktop\Thumbs.db
2016-02-22 18:33 - 2015-07-23 20:31 - 00000000 ____D C:\Users\Vlastnik\AppData\Local\HTC MediaHub
2016-02-22 18:33 - 2015-06-22 10:54 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-22 18:33 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-22 17:24 - 2015-12-27 11:15 - 00000000 ____D C:\Users\Vlastnik\AppData\LocalLow\Unity
2016-02-22 17:24 - 2015-12-27 11:15 - 00000000 ____D C:\Users\Vlastnik\AppData\Local\Unity
2016-02-22 17:22 - 2015-06-14 07:16 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3392686917-2945606473-3598457833-1001
2016-02-22 17:18 - 2014-03-18 16:33 - 01658450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-22 17:18 - 2014-03-18 15:54 - 00704264 _____ C:\Windows\system32\perfh005.dat
2016-02-22 17:18 - 2014-03-18 15:54 - 00143624 _____ C:\Windows\system32\perfc005.dat
2016-02-22 17:18 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-02-22 17:04 - 2016-01-10 16:45 - 00000000 ____D C:\Users\Vlastnik\AppData\Local\Seznam.cz
2016-02-22 16:38 - 2015-07-23 20:40 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C265F4E-6A35-48B0-A1C1-81A5BE828252}
2016-02-21 21:44 - 2015-12-09 16:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-21 19:49 - 2015-06-14 07:16 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-21 19:32 - 2015-08-04 20:29 - 00000000 ____D C:\Users\Vlastnik\AppData\Roaming\Media Player Classic
2016-02-21 19:32 - 2015-06-22 20:33 - 00000000 ____D C:\Windows\Minidump
2016-02-21 19:32 - 2015-06-22 19:18 - 00000000 ____D C:\Users\Vlastnik\AppData\Roaming\DAEMON Tools Lite
2016-02-21 19:32 - 2015-06-14 08:00 - 00000000 ____D C:\Windows\Panther
2016-02-21 13:11 - 2016-01-10 16:45 - 00000000 ____D C:\Users\Vlastnik\AppData\Roaming\Seznam Browser
2016-02-18 21:58 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-16 20:38 - 2015-09-05 17:57 - 00000000 ____D C:\Users\Vlastnik\.oracle_jre_usage
2016-02-16 20:38 - 2015-07-23 15:48 - 00000000 ____D C:\ProgramData\Oracle
2016-02-16 20:38 - 2015-07-23 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-16 20:38 - 2015-07-23 15:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-16 20:37 - 2015-07-23 15:49 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-16 19:57 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2016-02-14 11:29 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-14 11:20 - 2015-10-25 17:56 - 00000000 ____D C:\KMPlayer
2016-02-14 10:50 - 2013-08-22 15:44 - 00483568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-14 10:49 - 2015-09-26 09:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-14 10:49 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-13 08:56 - 2015-06-14 07:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-13 08:55 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2016-02-13 08:50 - 2015-09-24 18:54 - 00000000 ____D C:\Windows\system32\MRT
2016-02-13 08:50 - 2014-03-18 16:10 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 08:45 - 2015-09-24 18:54 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-11 22:05 - 2015-06-14 07:05 - 00000000 ____D C:\Users\Vlastnik\AppData\Local\Packages
2016-02-10 18:47 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 18:47 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-10 16:35 - 2015-11-11 19:58 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-10 16:35 - 2015-11-11 19:58 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-03 20:41 - 2015-07-23 20:30 - 00002047 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2016-02-03 20:41 - 2015-07-23 20:20 - 00000000 ____D C:\Users\Vlastnik\AppData\Local\Downloaded Installations
2016-02-02 03:37 - 2015-09-27 07:19 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-02 03:37 - 2015-09-27 07:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-25 20:01 - 2015-06-14 07:05 - 00000000 ____D C:\Users\Vlastnik
2016-01-24 13:03 - 2015-10-08 20:17 - 00617984 ___SH C:\Users\Vlastnik\Downloads\Thumbs.db

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\Vlastnik\AppData\Local\Temp\download-1456081570735-174392.exe
C:\Users\Vlastnik\AppData\Local\Temp\download-1456081579553-666641.exe
C:\Users\Vlastnik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-22 05:07

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:55.56 GB) (Free:9.36 GB) NTFS
Drive d: (SYSTEM) (Fixed) (Total:149.01 GB) (Free:88.55 GB) NTFS
Drive p: (anno1404cz) (CDROM) (Total:2.75 GB) (Free:0 GB) UDF

Available physical RAM: 1037.81 MB
Total physical RAM: 2047.23 MB
Percentage of memory in use: 49%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 149 GB) (Disk ID: CFDCCFDC)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: C0C6E0A4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.6 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Vlastnik\Desktop" je 14 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: windows opening on the internet

Posted: 22 Feb 2016 18:59
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: windows opening on the internet

Posted: 22 Feb 2016 20:01
by j819
I already tried that this afternoon :)
This time it found nothing; the problem persists.
# AdwCleaner v5.036 - Logfile created 22/02/2016 at 19:58:06
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Vlastnik - PC
# Running from : C:\Users\Vlastnik\Desktop\adwcleaner_5.036(1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2561 bytes] - [22/02/2016 17:04:07]
C:\AdwCleaner\AdwCleaner[C2].txt - [1060 bytes] - [22/02/2016 17:11:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [2338 bytes] - [22/02/2016 17:02:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [896 bytes] - [22/02/2016 17:10:02]
C:\AdwCleaner\AdwCleaner[S3].txt - [892 bytes] - [22/02/2016 19:58:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [964 bytes] ##########

Re: windows opening on the internet

Posted: 22 Feb 2016 20:07
by j819
Although now it seems it is no longer doing it. So hopefully it will be fine.

Re: windows opening on the internet

Posted: 22 Feb 2016 21:11
by Rudy
It needs to be cleaned up manually. Open Notepad and copy the following into it:
Start
C:\Users\Vlastnik\AppData\Local\Akamai
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Vlastnik\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: G - "G:\noautorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: H - "H:\autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {26f8baa0-3148-11e5-8284-0023541a9327} - "J:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {49faa4f7-2b1c-11e5-827d-0023541a9327} - "I:\Autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {bd643153-24b2-11e5-826e-0023541a9327} - "H:\autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {bd643195-24b2-11e5-826e-0023541a9327} - "G:\noautorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {d8db889b-8326-11e5-830c-0023541a9327} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {e9d86e7b-2a24-11e5-827c-0023541a9327} - "I:\SISetup.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {fbbcff9c-18df-11e5-8254-0023541a9327} - "P:\Autorun.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
"WinDivert1.1" => service could not be unlocked. <===== ATTENTION
S5 WinDivert1.1; <===== ATTENTION: Locked Service
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Vlastnik\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: windows opening on the internet

Posted: 23 Feb 2016 19:56
by j819
Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Vlastnik (2016-02-23 19:52:40) Run:1
Running from C:\Users\Vlastnik\Desktop
Loaded Profiles: Vlastnik (Available Profiles: Vlastnik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Users\Vlastnik\AppData\Local\Akamai
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Vlastnik\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: G - "G:\noautorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: H - "H:\autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {26f8baa0-3148-11e5-8284-0023541a9327} - "J:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {49faa4f7-2b1c-11e5-827d-0023541a9327} - "I:\Autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {bd643153-24b2-11e5-826e-0023541a9327} - "H:\autorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {bd643195-24b2-11e5-826e-0023541a9327} - "G:\noautorun.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {d8db889b-8326-11e5-830c-0023541a9327} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {e9d86e7b-2a24-11e5-827c-0023541a9327} - "I:\SISetup.exe"
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\...\MountPoints2: {fbbcff9c-18df-11e5-8254-0023541a9327} - "P:\Autorun.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
"WinDivert1.1" => service could not be unlocked. <===== ATTENTION
S5 WinDivert1.1; <===== ATTENTION: Locked Service
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Vlastnik\AppData\Local\Temp
End
*****************


"C:\Users\Vlastnik\AppData\Local\Akamai" folder move:

Could not move "C:\Users\Vlastnik\AppData\Local\Akamai" => Scheduled to move on reboot.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H" => key removed successfully
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26f8baa0-3148-11e5-8284-0023541a9327}" => key removed successfully
HKCR\CLSID\{26f8baa0-3148-11e5-8284-0023541a9327} => key not found.
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49faa4f7-2b1c-11e5-827d-0023541a9327}" => key removed successfully
HKCR\CLSID\{49faa4f7-2b1c-11e5-827d-0023541a9327} => key not found.
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd643153-24b2-11e5-826e-0023541a9327}" => key removed successfully
HKCR\CLSID\{bd643153-24b2-11e5-826e-0023541a9327} => key not found.
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd643195-24b2-11e5-826e-0023541a9327}" => key removed successfully
HKCR\CLSID\{bd643195-24b2-11e5-826e-0023541a9327} => key not found.
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8db889b-8326-11e5-830c-0023541a9327}" => key removed successfully
HKCR\CLSID\{d8db889b-8326-11e5-830c-0023541a9327} => key not found.
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9d86e7b-2a24-11e5-827c-0023541a9327}" => key removed successfully
HKCR\CLSID\{e9d86e7b-2a24-11e5-827c-0023541a9327} => key not found.
"HKU\S-1-5-21-3392686917-2945606473-3598457833-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbbcff9c-18df-11e5-8254-0023541a9327}" => key removed successfully
HKCR\CLSID\{fbbcff9c-18df-11e5-8254-0023541a9327} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"WinDivert1.1" => service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
WinDivert1.1 => service not found.
xhunter1 => service removed successfully

"C:\Users\Vlastnik\AppData\Local\Temp" folder move:

Could not move "C:\Users\Vlastnik\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-23 19:55:57)

C:\Users\Vlastnik\AppData\Local\Akamai => Is moved successfully
"C:\Users\Vlastnik\AppData\Local\Temp" => Could not move

==== End of Fixlog 19:56:00 ====

Re: windows opening on the internet

Posted: 23 Feb 2016 21:17
by Rudy
Deleted. Has anything changed?

Re: windows opening on the internet

Posted: 24 Feb 2016 20:08
by j819
The windows are popping up again. For a while it looked like they had stopped, but after turning the computer on they started popping up again.

Re: windows opening on the internet

Posted: 24 Feb 2016 20:16
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: windows opening on the internet

Posted: 24 Feb 2016 20:33
by j819
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 24. 2. 2016
Čas skenování: 20:24
Protokol: 1.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.02.24.07
Databáze rootkitů: v2016.02.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Vlastnik

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 343485
Uplynulý čas: 7 min, 53 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Dobré: (8.8.8.8), Špatné: (82.163.143.171 82.163.142.173),,[4344451fefaa94a2a626a355986c49b7]

Složky: 1
Rogue.Multiple, C:\ProgramData\85204114, , [5a2dcc9824751b1b27c48d29c0425ca4],

Soubory: 1
Rogue.Multiple, C:\ProgramData\85204114\9e61d3cf.dll, , [5a2dcc9824751b1b27c48d29c0425ca4],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: windows opening on the internet

Posted: 24 Feb 2016 21:18
by Rudy
Delete all findings.