Facebook SPAM - requesting a log check
Posted: 14 Mar 2016 12:39
Hello,
I would like to ask for help and a check of my log. This is about FB spam with porn, and I cannot get rid of it on my own. I am attaching the log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Nada (administrator) on NADA-PC (14-03-2016 12:36:19)
Running from C:\Users\Nada\Desktop
Loaded Profiles: Nada (Available Profiles: Nada)
Platform: Windows 8.1 Connected (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Nada\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-03-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-10] (AVAST Software)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\...\Run: [Samsung Appstore] => C:\Users\Nada\AppData\Roaming\Mozila\autoit.exe [934400 2016-03-08] (AutoIt Team)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-19] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6E5A4AC0-FDFE-437D-9F91-08ED351CA1FF}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8D836E76-BFBF-4D5B-98C8-93B1A8CA35C2}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={2800D097-B4F9-48C0-B156-DCC9B6B9623A}&mid=bc2ad292f48b47cda1dc0982ccc252cf-68697508040668318d9d022bd3a6f6170aa796f1&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 05:07:14&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-311984320-3021778478-3963052507-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {39C43AF2-84D9-462F-8814-D5D9A06262C6} URL =
SearchScopes: HKU\S-1-5-21-311984320-3021778478-3963052507-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={2800D097-B4F9-48C0-B156-DCC9B6B9623A}&mid=bc2ad292f48b47cda1dc0982ccc252cf-68697508040668318d9d022bd3a6f6170aa796f1&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1215tb&pr=fr&d=2015-05-06 05:07:14&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-19] (AVAST Software)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-19] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FireFox:
========
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-22]
Chrome:
=======
CHR HomePage: Profile 1 -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.cz/"
CHR DefaultSearchURL: Profile 1 -> hxxps://www.google.cz/images/branding/product/i ... g_lodp.ico
CHR DefaultSearchKeyword: Profile 1 -> https://mysearch.avg.com
CHR DefaultSuggestURL: Profile 1 -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Dokumenty Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Disk Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Heartbleed Search) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\bicaihgfofmggmmbdoaccgaelpfmdiph [2015-08-30]
CHR Extension: (YouTube) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (AVG Secure Search) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-01-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast SafePrice) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (Tabulky Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (ipRE999e) - C:\Users\Nada\AppData\Roaming\Mozila [2016-03-08]
CHR Profile: C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Dokumenty Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-12]
CHR Extension: (Disk Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-12]
CHR Extension: (YouTube) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-12]
CHR Extension: (Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbkpdmnjjnoecjoplgjofdbekmmkldhb [2016-03-12]
CHR Extension: (Vyhledávání Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-12]
CHR Extension: (Tabulky Google) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-12]
CHR Extension: (Skype) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-12]
CHR Extension: (www.seznam.cz) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llbjemicmpmdlpnoehnmoaoajimdchnm [2016-03-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-12]
CHR Extension: (Gmail) - C:\Users\Nada\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-12]
CHR Extension: (ipRE999e) - C:\Users\Nada\AppData\Roaming\Mozila [2016-03-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-19] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-23] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-04-16] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-04-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2014-04-16] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-04-16] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-19] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-10] ()
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-14 12:36 - 2016-03-14 12:36 - 00018666 _____ C:\Users\Nada\Desktop\FRST.txt
2016-03-14 12:35 - 2016-03-14 12:36 - 00000000 ____D C:\FRST
2016-03-14 12:32 - 2016-03-14 12:00 - 00112640 ____N (forum.viry.cz) C:\Users\Nada\Desktop\FRSTLauncher.exe
2016-03-14 12:08 - 2016-03-14 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Nada\Desktop\trz2A3D.tmp
2016-03-14 12:02 - 2016-03-14 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Nada\Desktop\trzB28.tmp
2016-03-14 11:55 - 2016-03-14 11:55 - 02374144 _____ (Farbar) C:\Users\Nada\Desktop\FRST64.exe
2016-03-12 22:37 - 2016-03-12 22:38 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2016-03-10 09:34 - 2016-03-10 09:34 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-03-10 09:24 - 2016-03-10 09:24 - 00000000 _____ C:\autoexec.bat
2016-03-08 20:40 - 2016-02-20 16:45 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-08 20:40 - 2016-02-20 16:45 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-08 20:40 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-08 20:40 - 2016-02-05 20:06 - 00046768 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-08 20:40 - 2016-01-06 19:25 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-03-08 20:40 - 2015-12-30 22:53 - 02017624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-03-08 20:39 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-03-08 20:39 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-03-08 20:39 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-03-08 20:39 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\windows\SysWOW64\hlink.dll
2016-03-08 20:39 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-03-08 20:39 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-03-08 20:39 - 2016-02-08 21:07 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-03-08 20:39 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-03-08 20:39 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-03-08 20:39 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-03-08 20:39 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-03-08 20:39 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-03-08 20:39 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-03-08 20:39 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-03-08 20:39 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-08 20:39 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-08 20:39 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-08 20:39 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\hlink.dll
2016-03-08 20:39 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-08 20:39 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-08 20:39 - 2016-02-08 18:42 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-03-08 20:39 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-08 20:39 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-08 20:39 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-08 20:39 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-08 20:39 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-08 20:39 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2016-03-08 20:39 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-08 20:39 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-08 20:38 - 2016-01-24 19:19 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2016-03-08 20:38 - 2016-01-24 19:19 - 00378712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2016-03-08 20:38 - 2016-01-24 19:19 - 00331608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2016-03-08 20:38 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2016-03-08 20:38 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2016-03-08 20:38 - 2016-01-09 02:38 - 00091992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-03-08 20:37 - 2016-02-11 15:21 - 00869576 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:21 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:20 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2016-03-08 20:37 - 2016-02-11 15:20 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2016-03-08 20:37 - 2016-02-05 15:59 - 07784960 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2016-03-08 20:37 - 2016-02-05 15:55 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 20:37 - 2016-02-05 15:48 - 07075840 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2016-03-08 20:37 - 2016-02-05 15:47 - 05268480 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2016-03-08 20:37 - 2016-01-09 02:49 - 00218448 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2016-03-08 20:37 - 2016-01-09 02:49 - 00192120 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2016-03-08 20:36 - 2016-02-06 17:58 - 00987648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-08 20:36 - 2016-02-06 17:32 - 00801792 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-03-08 20:36 - 2016-01-07 00:46 - 00148752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2016-03-08 20:36 - 2016-01-07 00:45 - 00177712 _____ (Microsoft Corporation) C:\windows\system32\wscapi.dll
2016-03-08 20:36 - 2016-01-06 17:47 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2016-03-08 20:35 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-08 20:35 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-08 20:35 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-08 20:35 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-08 20:35 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-08 20:35 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-08 20:35 - 2016-02-03 21:37 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-03-08 20:35 - 2016-02-03 21:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-03-08 20:35 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-03-08 20:34 - 2016-01-10 17:41 - 01707008 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-03-08 20:34 - 2016-01-10 17:31 - 01344512 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-03-08 20:34 - 2015-11-19 15:33 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-03-08 20:34 - 2015-11-19 15:26 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-03-08 20:33 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-08 20:33 - 2015-12-30 21:49 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-03-08 20:32 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\windows\system32\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-08 20:32 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-03-08 20:32 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-08 20:31 - 2016-02-04 19:18 - 04174336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-08 20:31 - 2016-02-04 19:18 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-08 20:31 - 2016-02-04 19:12 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-08 20:31 - 2016-02-04 18:44 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-03-08 20:31 - 2016-02-04 18:39 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-03-08 20:30 - 2015-12-20 15:57 - 00839168 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-03-08 20:30 - 2015-12-20 15:56 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2016-03-08 20:30 - 2015-12-20 15:43 - 00696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-03-08 20:29 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-08 20:29 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-03-08 20:29 - 2016-01-15 17:56 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-03-08 20:29 - 2016-01-15 17:45 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-03-08 20:29 - 2016-01-05 16:00 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-03-08 11:38 - 2016-03-08 11:38 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Mozila
2016-02-22 17:37 - 2015-07-19 10:24 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-02-14 16:11 - 2016-02-14 16:11 - 00004608 ___SH C:\Users\Nada\Desktop\Thumbs.db
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-14 12:35 - 2015-02-02 16:46 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 12:27 - 2015-02-02 17:10 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Skype
2016-03-14 12:22 - 2015-01-31 03:57 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-311984320-3021778478-3963052507-1002
2016-03-14 12:14 - 2014-11-27 02:09 - 01714228 _____ C:\windows\SysWOW64\rootpa.e2e
2016-03-14 12:13 - 2015-02-02 16:46 - 00000972 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 12:11 - 2015-01-31 03:51 - 00000000 ____D C:\Users\Nada
2016-03-14 12:11 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-14 11:58 - 2015-01-31 03:58 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CE3410BC-F0FD-4B1D-AE2B-AD1BCAA0187B}
2016-03-14 11:56 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2016-03-14 11:53 - 2014-11-27 02:56 - 00738666 _____ C:\windows\system32\perfh005.dat
2016-03-14 11:53 - 2014-11-27 02:56 - 00151408 _____ C:\windows\system32\perfc005.dat
2016-03-14 11:53 - 2014-03-18 10:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-14 11:53 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-03-13 07:38 - 2015-02-02 16:46 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 07:38 - 2015-02-02 16:46 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-12 22:21 - 2015-06-03 20:02 - 00000000 ____D C:\Users\Nada\AppData\Local\CrashDumps
2016-03-12 22:18 - 2015-07-19 10:25 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-12 20:14 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2016-03-11 06:43 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-03-11 06:36 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-03-10 10:43 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-03-10 07:24 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 05:18 - 2013-08-22 15:44 - 00346656 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-08 21:49 - 2015-04-16 11:20 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 21:20 - 2015-02-03 08:51 - 00000000 ____D C:\windows\system32\MRT
2016-03-08 21:13 - 2015-02-03 08:51 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-01 05:26 - 2015-02-02 17:09 - 00000000 ____D C:\ProgramData\Skype
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\system32\GWX
2016-02-22 17:37 - 2015-07-19 10:25 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-22 17:34 - 2015-12-04 10:56 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-02-22 17:29 - 2013-08-22 16:36 - 00000000 ____D C:\windows\registration
==================== Files in the root of some directories =======
2015-02-02 16:44 - 2015-03-04 05:10 - 0000028 _____ () C:\Users\Nada\AppData\Roaming\msfsxau.dat
2015-02-02 16:44 - 2015-02-02 16:44 - 0008989 _____ () C:\Users\Nada\AppData\Roaming\mstlnagk.dat
2014-11-27 02:07 - 2014-11-27 02:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Nada\AppData\Local\Temp\COMAP.EXE
C:\Users\Nada\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Nada\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Nada\AppData\Local\Temp\oct1568.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct1B0D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2688.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2D49.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct408D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct5444.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct7774.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct77F6.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct787E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct88DE.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct94F9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octAA50.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA69.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA8B.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBBB9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBCD1.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octDFC2.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE0D8.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE484.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octF38E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octFEC5.tmp.exe
C:\Users\Nada\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nada\AppData\Local\Temp\{FB3D6387-11F3-4AC6-B1BB-3011E8FD1786}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Nada\Desktop" je 5324 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
2016-03-08 20:35 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-08 20:35 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-08 20:35 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-08 20:35 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-08 20:35 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-08 20:35 - 2016-02-03 21:37 - 01661576 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-03-08 20:35 - 2016-02-03 21:36 - 01212248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-03-08 20:35 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-08 20:35 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-03-08 20:34 - 2016-01-10 17:41 - 01707008 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-03-08 20:34 - 2016-01-10 17:31 - 01344512 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-03-08 20:34 - 2015-11-19 15:33 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-03-08 20:34 - 2015-11-19 15:26 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-03-08 20:33 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-08 20:33 - 2015-12-30 21:49 - 00470360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-03-08 20:32 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\windows\system32\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMASF.DLL
2016-03-08 20:32 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-08 20:32 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-03-08 20:32 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-08 20:31 - 2016-02-04 19:18 - 04174336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-08 20:31 - 2016-02-04 19:18 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-08 20:31 - 2016-02-04 19:12 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-08 20:31 - 2016-02-04 18:44 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-03-08 20:31 - 2016-02-04 18:39 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-03-08 20:30 - 2015-12-20 15:57 - 00839168 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2016-03-08 20:30 - 2015-12-20 15:56 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2016-03-08 20:30 - 2015-12-20 15:43 - 00696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2016-03-08 20:29 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-08 20:29 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-03-08 20:29 - 2016-01-15 17:56 - 02487296 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2016-03-08 20:29 - 2016-01-15 17:45 - 01482240 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2016-03-08 20:29 - 2016-01-05 16:00 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-03-08 11:38 - 2016-03-08 11:38 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Mozila
2016-02-22 17:37 - 2015-07-19 10:24 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-02-14 16:11 - 2016-02-14 16:11 - 00004608 ___SH C:\Users\Nada\Desktop\Thumbs.db
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-14 12:35 - 2015-02-02 16:46 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 12:27 - 2015-02-02 17:10 - 00000000 ____D C:\Users\Nada\AppData\Roaming\Skype
2016-03-14 12:22 - 2015-01-31 03:57 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-311984320-3021778478-3963052507-1002
2016-03-14 12:14 - 2014-11-27 02:09 - 01714228 _____ C:\windows\SysWOW64\rootpa.e2e
2016-03-14 12:13 - 2015-02-02 16:46 - 00000972 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 12:11 - 2015-01-31 03:51 - 00000000 ____D C:\Users\Nada
2016-03-14 12:11 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-14 11:58 - 2015-01-31 03:58 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CE3410BC-F0FD-4B1D-AE2B-AD1BCAA0187B}
2016-03-14 11:56 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\NDF
2016-03-14 11:53 - 2014-11-27 02:56 - 00738666 _____ C:\windows\system32\perfh005.dat
2016-03-14 11:53 - 2014-11-27 02:56 - 00151408 _____ C:\windows\system32\perfc005.dat
2016-03-14 11:53 - 2014-03-18 10:53 - 01745984 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-14 11:53 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2016-03-13 07:38 - 2015-02-02 16:46 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 07:38 - 2015-02-02 16:46 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-12 22:21 - 2015-06-03 20:02 - 00000000 ____D C:\Users\Nada\AppData\Local\CrashDumps
2016-03-12 22:18 - 2015-07-19 10:25 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-03-12 20:14 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2016-03-11 06:43 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2016-03-11 06:36 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2016-03-10 10:43 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-03-10 07:24 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 05:18 - 2013-08-22 15:44 - 00346656 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-08 21:49 - 2015-04-16 11:20 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 21:20 - 2015-02-03 08:51 - 00000000 ____D C:\windows\system32\MRT
2016-03-08 21:13 - 2015-02-03 08:51 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:00 - 2015-02-04 05:34 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-01 05:26 - 2015-02-02 17:09 - 00000000 ____D C:\ProgramData\Skype
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-26 05:56 - 2015-04-04 07:29 - 00000000 ___SD C:\windows\system32\GWX
2016-02-22 17:37 - 2015-07-19 10:25 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-22 17:34 - 2015-12-04 10:56 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-02-22 17:29 - 2013-08-22 16:36 - 00000000 ____D C:\windows\registration
==================== Files in the root of some directories =======
2015-02-02 16:44 - 2015-03-04 05:10 - 0000028 _____ () C:\Users\Nada\AppData\Roaming\msfsxau.dat
2015-02-02 16:44 - 2015-02-02 16:44 - 0008989 _____ () C:\Users\Nada\AppData\Roaming\mstlnagk.dat
2014-11-27 02:07 - 2014-11-27 02:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Nada\AppData\Local\Temp\COMAP.EXE
C:\Users\Nada\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Nada\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Nada\AppData\Local\Temp\oct1568.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct1B0D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2688.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct2D49.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct408D.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct5444.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct7774.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct77F6.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct787E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct88DE.tmp.exe
C:\Users\Nada\AppData\Local\Temp\oct94F9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octAA50.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA69.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBA8B.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBBB9.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octBCD1.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octDFC2.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE0D8.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octE484.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octF38E.tmp.exe
C:\Users\Nada\AppData\Local\Temp\octFEC5.tmp.exe
C:\Users\Nada\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nada\AppData\Local\Temp\{FB3D6387-11F3-4AC6-B1BB-3011E8FD1786}-47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Windows:nlsPreferences [386]
==================== Security Center ==================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Nada\Desktop" je 5324 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================