Requesting a check - FB spam
Posted: 13 Apr 2016 17:24
Hello, Facebook has started sending spam (porn) to groups from my profile. Please check it; thank you in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by user (administrator) on USER-PC (13-04-2016 18:22:18)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
(Realtek) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtWLan.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [Cm108Sound] => "C:\WINDOWS\syswow64\RunDll32.exe" C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-05] (Spotify Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{715d44d6-c999-41eb-b9be-df28e9eadef0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{ef8ecec9-cbc0-4c16-b28f-8d22b84c476f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eyohW3yv0n
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-27] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml [2011-12-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (TrackMania Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbfcgenalmboiphnkbaebjofimjdecp [2013-10-29]
CHR Extension: (Webcam Toy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 Realtek8709; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 RtlService; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [245016 2015-12-15] (SlimWare Utilities, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R1 EIO64; C:\Windows\System32\drivers\EIO64.sys [16384 2012-01-02] (ASUSTeK Computer Inc.)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-22] (Glarysoft Ltd)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 RtlWlanu; C:\Windows\System32\drivers\wna3100m.sys [1576080 2012-10-04] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 19:37 - 2120-09-15 19:37 - 00143872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iacenc.dll
2099-09-15 19:37 - 2120-09-15 19:37 - 00056832 _____ C:\WINDOWS\SysWOW64\iyvu9_32.dll
2016-04-13 18:22 - 2016-04-13 18:23 - 00015261 _____ C:\Users\user\Desktop\FRST.txt
2016-04-13 18:21 - 2016-04-13 18:22 - 00000000 ____D C:\FRST
2016-04-13 18:20 - 2016-04-13 18:21 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-04-13 18:18 - 2016-04-13 18:18 - 02375168 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-04-13 18:05 - 2016-04-13 18:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
2016-04-10 19:36 - 2016-04-10 19:36 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 16:54 - 2016-04-10 16:54 - 00031123 _____ C:\Users\user\Downloads\The Big Bang Theory - 01x01 - Pilot.WEB-DL.PhoenixRG.English.C.updated.Addic7ed.com.srt
2016-04-10 16:53 - 2016-04-10 16:53 - 00014425 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s01e01.hdtv.xvid.xor.torrent
2016-04-10 14:42 - 2016-04-10 15:04 - 364326912 _____ C:\Users\user\Downloads\Simpsonovi-S05E04-Medvídek.XviD.AC3.CZ.avi.crdownload
2016-04-10 12:48 - 2016-04-10 12:51 - 00253434 _____ C:\TDSSKiller.3.0.0.16_10.04.2016_12.48.19_log.txt
2016-04-10 12:48 - 2016-04-10 12:49 - 02156640 _____ C:\Users\user\Downloads\tdsskiller.zip.uq2yx17.partial
2016-04-10 12:41 - 2016-04-10 12:41 - 00004835 _____ C:\Users\user\Downloads\[kat.cr]kaspersky.tdsskiller.2.7.5.0.torrent
2016-04-10 12:37 - 2016-04-10 12:37 - 00007978 _____ C:\Users\user\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2016-04-08 19:44 - 2016-04-08 20:42 - 1044101894 _____ C:\Users\user\Downloads\Legendy.z.Dogtownu.2005.DVDRip.XviD.CZ-XtrM.avi.crdownload
2016-04-08 19:16 - 2016-04-08 19:17 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E20.HDTV.x264-LOL[rarbg]
2016-04-08 19:16 - 2016-04-08 19:16 - 00029683 _____ C:\Users\user\Downloads\The Big Bang Theory - 09x20 - The Big Bear Precipitation.DIMENSION.English.HI.C.orig.Addic7ed.com.srt
2016-04-08 19:16 - 2016-04-08 19:16 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv (1).torrent
2016-04-08 19:15 - 2016-04-08 19:15 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv.torrent
2016-04-01 14:43 - 2016-04-01 14:43 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E19.HDTV.x264-LOL[ettv]
2016-03-26 14:28 - 2016-04-09 20:39 - 00000000 ____D C:\Users\user\Desktop\WoW Cata
2016-03-26 00:13 - 2016-03-26 14:21 - 2451867803 ____N C:\Users\user\Desktop\WoW_Cata.zip
2016-03-26 00:12 - 2016-03-26 00:12 - 00146563 _____ C:\Users\user\Downloads\WoW_Cata.torrent
2016-03-26 00:09 - 2016-03-26 00:09 - 04747214 _____ C:\Users\user\Downloads\wow.exe.zip
2016-03-22 14:39 - 2016-03-22 14:39 - 00567255 _____ C:\Users\user\Downloads\Beduíni.pptx
2016-03-21 18:13 - 2016-03-21 18:20 - 00002960 ____N C:\Users\user\Desktop\x360ce.ini
2016-03-21 18:13 - 2016-03-21 18:13 - 00171176 ____N (hxxp://x360ce.googlecode.com) C:\Users\user\Desktop\xinput1_3.dll
2016-03-20 20:20 - 2016-03-21 18:01 - 00002964 _____ C:\Users\user\Documents\x360ce.ini
2016-03-20 20:20 - 2016-03-20 20:20 - 00171176 _____ (hxxp://x360ce.googlecode.com) C:\Users\user\Documents\xinput1_3.dll
2016-03-20 20:19 - 2016-03-20 20:19 - 01346760 ____N (TocaEdit) C:\Users\user\Desktop\Hacked Gamepad BY SARATH GAMER.exe
2016-03-20 20:17 - 2016-03-20 20:18 - 00517542 _____ C:\Users\user\Downloads\Hacked Gamepad BY Sarath@Gamer.rar
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\Users\user\AppData\Roaming\.mono
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\ProgramData\.mono
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-13 18:20 - 2010-01-29 12:24 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 16:18 - 2015-06-16 19:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 15:20 - 2010-01-29 12:24 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 14:27 - 2015-10-16 07:01 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-11 17:49 - 2013-11-11 20:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 21:36 - 2014-10-03 17:47 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2016-04-10 19:36 - 2015-06-16 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 19:36 - 2015-06-16 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-10 17:30 - 2013-10-05 14:52 - 00000000 ____D C:\Users\user\Desktop\PROGRAMY
2016-04-10 17:19 - 2016-02-07 17:33 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2016-04-10 17:08 - 2014-07-07 17:59 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-04-10 17:00 - 2015-10-25 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2016-04-10 16:52 - 2013-10-05 18:01 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-10 15:15 - 2014-10-03 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-10 14:13 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-10 13:54 - 2016-01-11 22:18 - 02048234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 13:54 - 2015-10-30 20:31 - 00846796 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-10 13:54 - 2015-10-30 20:31 - 00193746 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-10 13:49 - 2016-01-11 22:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 13:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-04-10 13:48 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 13:46 - 2011-12-25 01:37 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-04-10 13:46 - 2011-07-01 18:06 - 00000000 ____D C:\ProgramData\ICQ
2016-04-08 17:05 - 2015-05-30 12:31 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-04-08 17:04 - 2014-12-22 22:00 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-04-07 18:11 - 2014-10-05 20:12 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-04-07 18:11 - 2013-10-02 16:15 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2016-04-07 17:58 - 2015-12-25 19:38 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-04-04 21:29 - 2013-10-12 18:49 - 00000000 ____D C:\Users\user\Documents\Škola
2016-03-31 22:06 - 2015-04-19 20:52 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm
2016-03-26 22:09 - 2012-03-05 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-03-26 20:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-26 00:16 - 2013-04-19 20:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-03-26 00:11 - 2016-01-16 12:26 - 00000000 ____D C:\Users\user\Desktop\World of Warcraft
2016-03-24 14:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-24 13:12 - 2016-01-11 20:04 - 00000000 ____D C:\Users\user\Documents\GTA San Andreas User Files
2016-03-23 23:42 - 2014-06-30 17:47 - 00000000 ____D C:\Users\user\Documents\Euro Truck Simulator 2
2016-03-22 20:15 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 13:35 - 2015-10-30 09:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-03-20 21:51 - 2015-05-29 22:38 - 00000866 ____N C:\Users\user\Desktop\CCleaner.lnk
2016-03-20 20:52 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files (x86)\Mount&Blade
2016-03-15 15:36 - 2015-01-11 19:13 - 00000000 ____D C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2013-06-19 19:43 - 2013-06-19 19:43 - 2280581 _____ () C:\Program Files (x86)\steven 2.age3sav
2013-05-26 18:28 - 2013-09-17 15:10 - 3249855 _____ () C:\Program Files (x86)\steven.age3sav
2013-06-21 21:21 - 2013-06-23 14:07 - 1421905 _____ () C:\Program Files (x86)\steven3.age3sav
2014-12-22 22:20 - 2014-12-22 22:42 - 0099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-12-22 22:20 - 2014-12-22 22:42 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-12-22 22:20 - 2014-12-22 22:42 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-12-22 22:20 - 2014-12-22 22:42 - 0000055 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-12-22 22:20 - 2014-12-22 22:42 - 0082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2012-01-31 21:58 - 2013-09-24 22:52 - 0001057 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
2011-10-06 23:01 - 2013-10-28 18:39 - 0008192 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 22:19 - 2012-05-09 22:19 - 0007612 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2009-11-12 16:16 - 2009-11-12 16:16 - 0000008 __RSH () C:\ProgramData\51A8C86491.sys
2016-01-12 21:32 - 2016-01-12 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2009-09-02 20:32 - 2010-01-05 18:26 - 0001986 _____ () C:\ProgramData\hpzinstall.log
2009-11-12 16:16 - 2009-11-12 16:17 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - user).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{EF925198-493B-4701-9840-0A3CD96FDF8D}.job => C:\Windows\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 19599 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [Cm108Sound] => "C:\WINDOWS\syswow64\RunDll32.exe" C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-05] (Glarysoft Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-05] (Spotify Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{715d44d6-c999-41eb-b9be-df28e9eadef0}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{ef8ecec9-cbc0-4c16-b28f-8d22b84c476f}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Internet Explorer:
==================
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3464139075-1475970981-2524642495-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eyohW3yv0n
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-08] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3464139075-1475970981-2524642495-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/CZ/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-08-03] (Pando Networks)
FF Plugin HKU\S-1-5-21-3464139075-1475970981-2524642495-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-27] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml [2011-12-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (TrackMania Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkbfcgenalmboiphnkbaebjofimjdecp [2013-10-29]
CHR Extension: (Webcam Toy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R2 Realtek8709; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 RtlService; C:\Program Files (x86)\REALTEK\8709 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [245016 2015-12-15] (SlimWare Utilities, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation) [File not signed]
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-22] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R1 EIO64; C:\Windows\System32\drivers\EIO64.sys [16384 2012-01-02] (ASUSTeK Computer Inc.)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-22] (Glarysoft Ltd)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 RtlWlanu; C:\Windows\System32\drivers\wna3100m.sys [1576080 2012-10-04] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-09-15 19:37 - 2120-09-15 19:37 - 00143872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iacenc.dll
2099-09-15 19:37 - 2120-09-15 19:37 - 00056832 _____ C:\WINDOWS\SysWOW64\iyvu9_32.dll
2016-04-13 18:22 - 2016-04-13 18:23 - 00015261 _____ C:\Users\user\Desktop\FRST.txt
2016-04-13 18:21 - 2016-04-13 18:22 - 00000000 ____D C:\FRST
2016-04-13 18:20 - 2016-04-13 18:21 - 00112640 _____ (forum.viry.cz) C:\Users\user\Desktop\FRSTLauncher.exe
2016-04-13 18:18 - 2016-04-13 18:18 - 02375168 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-04-13 18:05 - 2016-04-13 18:05 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
2016-04-10 19:36 - 2016-04-10 19:36 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 16:54 - 2016-04-10 16:54 - 00031123 _____ C:\Users\user\Downloads\The Big Bang Theory - 01x01 - Pilot.WEB-DL.PhoenixRG.English.C.updated.Addic7ed.com.srt
2016-04-10 16:53 - 2016-04-10 16:53 - 00014425 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s01e01.hdtv.xvid.xor.torrent
2016-04-10 14:42 - 2016-04-10 15:04 - 364326912 _____ C:\Users\user\Downloads\Simpsonovi-S05E04-Medvídek.XviD.AC3.CZ.avi.crdownload
2016-04-10 12:48 - 2016-04-10 12:51 - 00253434 _____ C:\TDSSKiller.3.0.0.16_10.04.2016_12.48.19_log.txt
2016-04-10 12:48 - 2016-04-10 12:49 - 02156640 _____ C:\Users\user\Downloads\tdsskiller.zip.uq2yx17.partial
2016-04-10 12:41 - 2016-04-10 12:41 - 00004835 _____ C:\Users\user\Downloads\[kat.cr]kaspersky.tdsskiller.2.7.5.0.torrent
2016-04-10 12:37 - 2016-04-10 12:37 - 00007978 _____ C:\Users\user\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2016-04-08 19:44 - 2016-04-08 20:42 - 1044101894 _____ C:\Users\user\Downloads\Legendy.z.Dogtownu.2005.DVDRip.XviD.CZ-XtrM.avi.crdownload
2016-04-08 19:16 - 2016-04-08 19:17 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E20.HDTV.x264-LOL[rarbg]
2016-04-08 19:16 - 2016-04-08 19:16 - 00029683 _____ C:\Users\user\Downloads\The Big Bang Theory - 09x20 - The Big Bear Precipitation.DIMENSION.English.HI.C.orig.Addic7ed.com.srt
2016-04-08 19:16 - 2016-04-08 19:16 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv (1).torrent
2016-04-08 19:15 - 2016-04-08 19:15 - 00009766 _____ C:\Users\user\Downloads\[kat.cr]the.big.bang.theory.s09e20.hdtv.x264.lol.rartv.torrent
2016-04-01 14:43 - 2016-04-01 14:43 - 00000000 ____D C:\Users\user\Desktop\The.Big.Bang.Theory.S09E19.HDTV.x264-LOL[ettv]
2016-03-26 14:28 - 2016-04-09 20:39 - 00000000 ____D C:\Users\user\Desktop\WoW Cata
2016-03-26 00:13 - 2016-03-26 14:21 - 2451867803 ____N C:\Users\user\Desktop\WoW_Cata.zip
2016-03-26 00:12 - 2016-03-26 00:12 - 00146563 _____ C:\Users\user\Downloads\WoW_Cata.torrent
2016-03-26 00:09 - 2016-03-26 00:09 - 04747214 _____ C:\Users\user\Downloads\wow.exe.zip
2016-03-22 14:39 - 2016-03-22 14:39 - 00567255 _____ C:\Users\user\Downloads\Beduíni.pptx
2016-03-21 18:13 - 2016-03-21 18:20 - 00002960 ____N C:\Users\user\Desktop\x360ce.ini
2016-03-21 18:13 - 2016-03-21 18:13 - 00171176 ____N (hxxp://x360ce.googlecode.com) C:\Users\user\Desktop\xinput1_3.dll
2016-03-20 20:20 - 2016-03-21 18:01 - 00002964 _____ C:\Users\user\Documents\x360ce.ini
2016-03-20 20:20 - 2016-03-20 20:20 - 00171176 _____ (hxxp://x360ce.googlecode.com) C:\Users\user\Documents\xinput1_3.dll
2016-03-20 20:19 - 2016-03-20 20:19 - 01346760 ____N (TocaEdit) C:\Users\user\Desktop\Hacked Gamepad BY SARATH GAMER.exe
2016-03-20 20:17 - 2016-03-20 20:18 - 00517542 _____ C:\Users\user\Downloads\Hacked Gamepad BY Sarath@Gamer.rar
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\Users\user\AppData\Roaming\.mono
2016-03-15 15:45 - 2016-03-15 15:45 - 00000000 ____D C:\ProgramData\.mono
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-13 18:20 - 2010-01-29 12:24 - 00000976 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 16:18 - 2015-06-16 19:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 15:20 - 2010-01-29 12:24 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 14:27 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 14:27 - 2015-10-16 07:01 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-11 17:49 - 2013-11-11 20:24 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 21:36 - 2014-10-03 17:47 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2016-04-10 19:36 - 2015-06-16 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 19:36 - 2015-06-16 19:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-10 17:30 - 2013-10-05 14:52 - 00000000 ____D C:\Users\user\Desktop\PROGRAMY
2016-04-10 17:19 - 2016-02-07 17:33 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2016-04-10 17:08 - 2014-07-07 17:59 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-04-10 17:00 - 2015-10-25 14:48 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2016-04-10 16:52 - 2013-10-05 18:01 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-10 15:15 - 2014-10-03 17:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-10 14:13 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-10 13:54 - 2016-01-11 22:18 - 02048234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-10 13:54 - 2015-10-30 20:31 - 00846796 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-10 13:54 - 2015-10-30 20:31 - 00193746 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-10 13:49 - 2016-01-11 22:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-10 13:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\TAPI
2016-04-10 13:48 - 2015-10-30 08:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 13:46 - 2011-12-25 01:37 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-04-10 13:46 - 2011-07-01 18:06 - 00000000 ____D C:\ProgramData\ICQ
2016-04-08 17:05 - 2015-05-30 12:31 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-04-08 17:04 - 2014-12-22 22:00 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-04-07 18:11 - 2014-10-05 20:12 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-04-07 18:11 - 2013-10-02 16:15 - 00000000 ____D C:\Users\user\AppData\Local\Blizzard Entertainment
2016-04-07 17:58 - 2015-12-25 19:38 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-04-04 21:29 - 2013-10-12 18:49 - 00000000 ____D C:\Users\user\Documents\Škola
2016-03-31 22:06 - 2015-04-19 20:52 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm
2016-03-26 22:09 - 2012-03-05 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\.minecraft
2016-03-26 20:33 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-26 00:16 - 2013-04-19 20:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-03-26 00:11 - 2016-01-16 12:26 - 00000000 ____D C:\Users\user\Desktop\World of Warcraft
2016-03-24 14:09 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-24 13:12 - 2016-01-11 20:04 - 00000000 ____D C:\Users\user\Documents\GTA San Andreas User Files
2016-03-23 23:42 - 2014-06-30 17:47 - 00000000 ____D C:\Users\user\Documents\Euro Truck Simulator 2
2016-03-22 20:15 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 13:35 - 2015-10-30 09:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-03-22 13:35 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-03-20 21:51 - 2015-05-29 22:38 - 00000866 ____N C:\Users\user\Desktop\CCleaner.lnk
2016-03-20 20:52 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files (x86)\Mount&Blade
2016-03-15 15:36 - 2015-01-11 19:13 - 00000000 ____D C:\Program Files (x86)\Hearthstone
==================== Files in the root of some directories =======
2013-06-19 19:43 - 2013-06-19 19:43 - 2280581 _____ () C:\Program Files (x86)\steven 2.age3sav
2013-05-26 18:28 - 2013-09-17 15:10 - 3249855 _____ () C:\Program Files (x86)\steven.age3sav
2013-06-21 21:21 - 2013-06-23 14:07 - 1421905 _____ () C:\Program Files (x86)\steven3.age3sav
2014-12-22 22:20 - 2014-12-22 22:42 - 0099384 _____ () C:\Users\user\AppData\Roaming\inst.exe
2014-12-22 22:20 - 2014-12-22 22:42 - 0007859 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-12-22 22:20 - 2014-12-22 22:42 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-12-22 22:20 - 2014-12-22 22:42 - 0000055 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2014-12-22 22:20 - 2014-12-22 22:42 - 0082816 _____ (VSO Software) C:\Users\user\AppData\Roaming\pcouffin.sys
2012-01-31 21:58 - 2013-09-24 22:52 - 0001057 _____ () C:\Users\user\AppData\Roaming\vso_ts_preview.xml
2011-10-06 23:01 - 2013-10-28 18:39 - 0008192 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-09 22:19 - 2012-05-09 22:19 - 0007612 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2009-11-12 16:16 - 2009-11-12 16:16 - 0000008 __RSH () C:\ProgramData\51A8C86491.sys
2016-01-12 21:32 - 2016-01-12 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2009-09-02 20:32 - 2010-01-05 18:26 - 0001986 _____ () C:\ProgramData\hpzinstall.log
2009-11-12 16:16 - 2009-11-12 16:17 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - user).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{EF925198-493B-4701-9840-0A3CD96FDF8D}.job => C:\Windows\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\user\Desktop" je 19599 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
==================== End Of Log ==============================