Please check my log (unwanted pages opening in the brows

Posted: 14 Sep 2016 18:34
by marmulak
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.17071 BrowserJavaVersion: 11.101.2
Run by dgm at 19:29:16 on 2016-09-14
Microsoft Windows 10 Pro 10.0.10240.0.1250.420.1029.18.4095.2208 [GMT 2:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k appmodel
C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\sihost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\system32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\dgm\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\dgm\AppData\Roaming\NotepadPlusPlusApp\nppApplication.exe
C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\ApplicationFrameHost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [OneDrive] "C:\Users\dgm\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [AdobeBridge] <no file>
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.8.0_101\bin\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\COLORM~1.LNK - C:\Program Files (x86)\X-Rite\ColorMunki Photo\Gamma\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\COLORM~2.LNK - C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: Vystřihnout obrázek - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Vystřihnout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Vystřihnout výběr - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Vystřihnout záložku - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00101-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{f11d856a-0791-4a99-93c8-8f2e48e5004a} : DHCPNameServer = 10.0.0.138
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorAV;Řadič Intel(R) SATA diskového pole RAID – Windows;C:\Windows\System32\drivers\iaStorAV.sys [2015-7-10 673120]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\Windows\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2016-8-2 200528]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\Windows\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\Windows\System32\drivers\gpuenergydrv.sys [2016-8-2 8192]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-3-3 2159320]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2016-8-4 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2016-8-4 1131008]
R2 ColorMunkiService;X-Rite Device ColorMunki;C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [2016-8-8 147968]
R2 CoreMessagingRegistrar;CoreMessaging;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Služba diagnostického trasování;C:\Windows\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-9-14 1136608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-9-14 1514464]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2016-8-3 70768]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-9-14 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-9-14 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-9-14 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-8-8 426040]
R2 storqosflt;Ovladač filtru technologie QoS pro úložiště;C:\Windows\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Server datového modelu dlaždic;C:\Windows\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;Správce uživatelů;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 xritedeviced;X-Rite Device Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [2016-8-8 130048]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;C:\Windows\System32\drivers\BthLEEnum.sys [2016-8-2 238080]
R3 lfsvc;Služba sledování zeměpisné polohy;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Služba správce licencí Windows;C:\Windows\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-9-14 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-9-14 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-9-14 65408]
R3 NcbService;Zprostředkovatel síťového připojení;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Enumerátor virtuálního síťového adaptéru Microsoft;C:\Windows\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 rt640x64;Ovladač Realtek RT640 NT;C:\Windows\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2016-8-2 448512]
R3 StateRepository;Služba State Repository;C:\Windows\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\drivers\WUDFRd.sys [2015-7-10 214016]
R3 yukonw8;NDIS6.3 Miniport – ovladač pro Marvell Yukon Ethernet Legacy Controllers;C:\Windows\System32\drivers\yk63x64.sys [2015-7-10 295216]
S2 dmwappushservice;dmwappushsvc;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Optimalizace doručení;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Správce stažených map;C:\Windows\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 UsoSvc;Aktualizovat službu Orchestrator;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;Služba směrovače AllJoyn;C:\Windows\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;Připravenost aplikací;C:\Windows\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Služba Bluetooth Handsfree;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Služba pro zařízení pro ovládání přenosných zařízení;C:\Windows\System32\drivers\buttonconverter.sys [2016-8-2 36352]
S3 CapImg;Ovladač HID pro dotykovou obrazovku CapImg;C:\Windows\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;Služba CDPS;C:\Windows\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 ClipSVC;Služba pro klientské licence (ClipSVC);C:\Windows\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 colormunki;colormunki;C:\Windows\System32\drivers\colormunki_x64.sys [2016-8-8 51600]
S3 DcpSvc;DataCollectionPublishingService;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Backgroud Discovery Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Standardní služba sběru dat pro Centrum diagnostiky Microsoft (R);C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Služba zápisu při správě zařízení;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Služba sdílení dat;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\Windows\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\Windows\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Obecná funkční třída USB;C:\Windows\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Společný ovladač pro tlačítka standardu HID implementovaná s přerušeními;C:\Windows\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Ovladač řadiče Intel(R) Serial IO I2C;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 ibbus;Mellanox InfiniBand Bus/AL (ovladač filtru);C:\Windows\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Služba mobilní hotspot systému Windows;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Služba sběru událostí funkce ETW pro aplikaci Internet Explorer;C:\Windows\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Ovladač modulu Intel(R) Power Engine Plug-in;C:\Windows\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\Windows\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\Windows\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\Windows\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Enumerátor sběrnice Mellanox ConnectX;C:\Windows\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;Služba NetworkDirect;C:\Windows\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Služba nastavení sítě;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\Windows\System32\lsass.exe [2015-7-10 56344]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-12-8 178760]
S3 percsas2i;percsas2i;C:\Windows\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\Windows\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\Windows\System32\drivers\refsv1.sys [2016-8-2 934752]
S3 RetailDemo;Služba ukázkového režimu pro prodejny;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Služba výčtu zařízení čipové karty;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Služba dat ze senzorů;C:\Windows\System32\SensorDataService.exe [2016-8-2 1031680]
S3 SensorService;Senzorová služba;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Prostory úložiště SMP společnosti Microsoft;C:\Windows\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Služba směrovače SMS systému Microsoft Windows;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Ovladač Microsoft Standard NVM Express ;C:\Windows\System32\drivers\stornvme.sys [2016-8-2 80720]
S3 storufs;Ovladač Microsoft Universal Flash Storage (UFS);C:\Windows\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\Windows\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;Klient UCSI Správce konektoru USB;C:\Windows\System32\drivers\UcmUcsi.sys [2016-8-2 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\Windows\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Ovladač Microsoft UEFI;C:\Windows\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\Windows\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;Řadič USB – Chipidea;C:\Windows\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;Řadič USB – Synopsys;C:\Windows\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsCx01000;USB Role-Switch Support Library;C:\Windows\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsChipidea;Chipidea – ovladač USB pro přepínání rolí;C:\Windows\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsSynopsys;Synopsys – ovladač USB pro přepínání rolí;C:\Windows\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 vhf;Ovladač VHF (Virtual HID Framework);C:\Windows\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Rozhraní služby hosta technologie Hyper-V;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Služba relací virtuálního počítače s technologií Hyper-V;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;C:\Windows\System32\svchost.exe -k ICService [2015-7-10 39856]
S3 WalletService;WalletService;C:\Windows\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wampapache64;wampapache64;C:\wamp64\bin\apache\apache2.4.18\bin\httpd.exe [2016-8-8 29696]
S3 wampmysqld64;wampmysqld64;c:\wamp64\bin\mysql\mysql5.7.11\bin\mysqld.exe wampmysqld64 --> c:\wamp64\bin\mysql\mysql5.7.11\bin\mysqld.exe wampmysqld64 [?]
S3 wdiwifi;WDI Driver Framework;C:\Windows\System32\drivers\WdiWiFi.sys [2016-8-2 685568]
S3 WdNisDrv;Systémový ovladač kontroly sítě programu Windows Defender;C:\Windows\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Služba kontroly sítě programu Windows Defender;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Hostitelská služba zprostředkovatele šifrování Windows;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;Služba WinMad;C:\Windows\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;Služba WinVerbs;C:\Windows\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Pracovní složky;C:\Windows\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Služba nabízených oznámení Windows;C:\Windows\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Uložení hry Xbox Live;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\Windows\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Síťová služba Xbox Live;C:\Windows\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\Windows\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2016-09-14 17:00:52 16148 ----a-w- C:\Windows\System32\DESKTOP-7FRIM92_dgm_HistoryPrediction.bin
2016-09-14 16:47:18 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-09-14 16:47:05 65408 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-09-14 16:47:05 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-09-14 16:47:05 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-09-14 16:47:05 -------- d-----w- C:\ProgramData\Malwarebytes
2016-09-14 16:47:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-14 16:45:33 -------- d-----w- C:\Program Files\CCleaner
2016-09-14 16:43:43 -------- d-----w- C:\Program Files\Common Files\AV
2016-09-14 16:38:44 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2016-09-14 16:38:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2016-09-14 16:38:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-14 15:54:06 -------- d-----w- C:\Users\dgm\AppData\Roaming\NotepadPlusPlusApp
2016-09-14 15:16:08 11847048 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0147E4C-5B0F-4512-8C76-BFEEF70520E1}\mpengine.dll
2016-09-14 15:16:07 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{323E7E2B-C180-4263-9B17-60E02AD2324A}\gapaengine.dll
2016-09-13 13:29:35 11847048 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-09-13 13:22:58 -------- d-----w- C:\Program Files\CMAK
2016-09-13 13:22:58 -------- d-----w- C:\Program Files (x86)\CMAK
2016-09-08 16:37:17 -------- d-----w- C:\Users\dgm\AppData\Local\GlobalMapper
2016-09-08 16:36:37 -------- d-----w- C:\Users\dgm\AppData\Local\IIIQF
2016-09-07 16:56:26 -------- d-----w- C:\Users\dgm\Evernote
2016-09-07 16:56:15 -------- d-----w- C:\Program Files (x86)\Evernote
2016-09-07 16:25:39 -------- d-----w- C:\Users\dgm\.oracle_jre_usage
2016-09-07 16:25:35 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-09-07 16:25:19 -------- d-----w- C:\ProgramData\Oracle
2016-09-05 13:37:08 -------- d-----w- C:\Program Files (x86)\GPSBabel
2016-09-01 17:48:20 -------- d-----w- C:\Program Files (x86)\GPS Track Editor
2016-08-31 18:35:42 -------- d-----w- C:\Users\dgm\AppData\Roaming\Mobile Atlas Creator
2016-08-16 13:59:21 -------- d-----w- C:\ProgramData\GARMIN
2016-08-15 17:53:44 -------- d-----w- C:\Program Files (x86)\cGPSmapper
.
==================== Find3M ====================
.
2016-08-14 10:34:48 30568 ----a-w- C:\Windows\System32\drivers\grmngen.sys
2016-08-14 10:34:48 19304 ----a-w- C:\Windows\System32\drivers\grmnusb.sys
2016-08-08 19:20:26 411368 ----a-w- C:\Windows\SysWow64\deploytk.dll
2016-08-03 06:45:18 2718208 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2016-08-03 06:25:56 953472 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-08-03 06:25:44 365120 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
2016-08-03 06:24:58 2152744 ----a-w- C:\Windows\SysWow64\mfcore.dll
2016-08-03 06:24:37 1531368 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-08-03 06:24:37 1356368 ----a-w- C:\Windows\SysWow64\winmde.dll
2016-08-03 06:24:34 46480 ----a-w- C:\Windows\SysWow64\wldp.dll
2016-08-03 06:24:34 439648 ----a-w- C:\Windows\SysWow64\SettingSyncHost.exe
2016-08-03 06:24:33 1767008 ----a-w- C:\Windows\SysWow64\CoreUIComponents.dll
2016-08-03 06:23:13 1895576 ----a-w- C:\Windows\SysWow64\hevcdecoder.dll
2016-08-03 06:22:26 1811360 ----a-w- C:\Windows\SysWow64\combase.dll
2016-08-03 06:15:58 468832 ----a-w- C:\Windows\SysWow64\NetSetupEngine.dll
2016-08-03 06:15:57 46080 ----a-w- C:\Windows\SysWow64\NAPCRYPT.DLL
2016-08-03 06:15:06 700256 ----a-w- C:\Windows\SysWow64\WWAHost.exe
2016-08-03 06:14:10 565648 ----a-w- C:\Windows\SysWow64\SHCore.dll
2016-08-03 06:13:40 65096 ----a-w- C:\Windows\SysWow64\Clipc.dll
2016-08-03 06:09:35 185952 ----a-w- C:\Windows\SysWow64\policymanager.dll
2016-08-03 05:44:58 2495776 ----a-w- C:\Windows\System32\CoreUIComponents.dll
2016-08-03 05:44:36 2115936 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2016-08-03 05:44:35 2429792 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2016-08-03 05:44:35 2156400 ----a-w- C:\Windows\System32\hevcdecoder.dll
2016-08-03 05:44:27 388896 ----a-w- C:\Windows\System32\wmpps.dll
2016-08-03 05:44:22 243760 ----a-w- C:\Windows\System32\mfps.dll
2016-08-03 05:39:23 660320 ----a-w- C:\Windows\System32\NetSetupEngine.dll
2016-08-03 05:38:29 801632 ----a-w- C:\Windows\System32\WWAHost.exe
2016-08-03 05:38:25 6525424 ----a-w- C:\Windows\System32\sppsvc.exe
2016-08-03 05:38:20 252760 ----a-w- C:\Windows\System32\ContentDeliveryManager.Utilities.dll
2016-08-03 05:38:12 724168 ----a-w- C:\Windows\System32\SHCore.dll
2016-08-03 05:38:03 78040 ----a-w- C:\Windows\System32\Clipc.dll
2016-08-03 05:38:00 1134792 ----a-w- C:\Windows\System32\ClipUp.exe
2016-08-03 05:37:59 658568 ----a-w- C:\Windows\System32\ClipSVC.dll
2016-08-03 05:33:59 224704 ----a-w- C:\Windows\System32\policymanager.dll
2016-08-03 05:32:22 983904 ----a-w- C:\Windows\System32\SecConfig.efi
2016-08-03 05:09:02 954368 ----a-w- C:\Windows\System32\IKEEXT.DLL
2016-08-03 05:03:18 16708608 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll
2016-08-03 04:57:57 694784 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-08-03 04:57:26 21862912 ----a-w- C:\Windows\System32\edgehtml.dll
2016-08-03 04:57:17 483328 ----a-w- C:\Windows\System32\OneDriveSettingSyncProvider.dll
2016-08-03 04:55:44 290304 ----a-w- C:\Windows\System32\oemlicense.dll
2016-08-03 04:54:07 11557888 ----a-w- C:\Windows\System32\twinui.dll
2016-08-03 04:53:43 7569408 ----a-w- C:\Windows\System32\mos.dll
2016-08-03 04:53:10 13027328 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll
2016-08-03 04:52:41 2418688 ----a-w- C:\Windows\System32\MFMediaEngine.dll
2016-08-03 04:51:59 446976 ----a-w- C:\Windows\System32\MapConfiguration.dll
2016-08-03 04:50:29 2902528 ----a-w- C:\Windows\System32\CertEnroll.dll
2016-08-03 04:49:25 6305792 ----a-w- C:\Windows\System32\Windows.UI.Search.dll
2016-08-03 04:49:20 371712 ----a-w- C:\Windows\SysWow64\OneDriveSettingSyncProvider.dll
2016-08-03 04:49:18 2446336 ----a-w- C:\Windows\System32\InputService.dll
2016-08-03 04:48:38 6788096 ----a-w- C:\Windows\System32\Windows.Data.Pdf.dll
2016-08-03 04:47:42 553472 ----a-w- C:\Windows\System32\GamePanel.exe
2016-08-03 04:47:39 209920 ----a-w- C:\Windows\SysWow64\oemlicense.dll
2016-08-03 04:47:33 293376 ----a-w- C:\Windows\System32\TextInputFramework.dll
2016-08-03 04:47:21 456704 ----a-w- C:\Windows\System32\certcli.dll
2016-08-03 04:47:10 184320 ----a-w- C:\Windows\System32\WSClient.dll
2016-08-03 04:46:49 963072 ----a-w- C:\Windows\System32\WSShared.dll
2016-08-03 04:46:42 1123840 ----a-w- C:\Windows\System32\NaturalLanguage6.dll
2016-08-03 04:46:32 324096 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-03 04:46:30 780288 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2016-08-03 04:46:27 1416704 ----a-w- C:\Windows\System32\lsasrv.dll
2016-08-03 04:46:22 183808 ----a-w- C:\Windows\System32\WSSync.dll
2016-08-03 04:45:52 147456 ----a-w- C:\Windows\System32\iassvcs.dll
2016-08-03 04:45:13 4847616 ----a-w- C:\Windows\System32\dbgeng.dll
2016-08-03 04:44:57 9889792 ----a-w- C:\Windows\SysWow64\twinui.dll
2016-08-03 04:44:51 814592 ----a-w- C:\Windows\System32\provcore.dll
2016-08-03 04:44:39 328704 ----a-w- C:\Windows\SysWow64\MapConfiguration.dll
2016-08-03 04:44:12 893440 ----a-w- C:\Windows\System32\MbaeApiPublic.dll
2016-08-03 04:44:09 345088 ----a-w- C:\Windows\System32\eappcfg.dll
2016-08-03 04:43:16 326656 ----a-w- C:\Windows\System32\eapp3hst.dll
2016-08-03 04:43:14 279040 ----a-w- C:\Windows\System32\eapphost.dll
2016-08-03 04:43:08 107008 ----a-w- C:\Windows\System32\eappgnui.dll
2016-08-03 04:43:01 7055872 ----a-w- C:\Windows\System32\BingMaps.dll
2016-08-03 04:42:58 65024 ----a-w- C:\Windows\System32\eappprxy.dll
2016-08-03 04:42:33 197632 ----a-w- C:\Windows\System32\NetSetupSvc.dll
2016-08-03 04:42:32 2253824 ----a-w- C:\Windows\System32\WpcWebSync.dll
2016-08-03 04:42:14 2598912 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2016-08-03 04:42:13 2839040 ----a-w- C:\Windows\System32\Wpc.dll
2016-08-03 04:41:46 1823232 ----a-w- C:\Windows\SysWow64\InputService.dll
2016-08-03 04:41:38 799232 ----a-w- C:\Windows\System32\wpccpl.dll
2016-08-03 04:41:17 4398592 ----a-w- C:\Windows\SysWow64\Windows.UI.Search.dll
2016-08-03 04:41:00 3119104 ----a-w- C:\Windows\System32\wininet.dll
2016-08-03 04:40:56 1918976 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll
2016-08-03 04:40:53 771072 ----a-w- C:\Windows\System32\Chakradiag.dll
2016-08-03 04:40:33 420352 ----a-w- C:\Windows\SysWow64\GamePanel.exe
2016-08-03 04:40:33 200704 ----a-w- C:\Windows\SysWow64\TextInputFramework.dll
2016-08-03 04:40:13 572928 ----a-w- C:\Windows\System32\vbscript.dll
2016-08-03 04:40:03 5160960 ----a-w- C:\Windows\SysWow64\Windows.Data.Pdf.dll
2016-08-03 04:40:03 338944 ----a-w- C:\Windows\SysWow64\certcli.dll
2016-08-03 04:39:22 587776 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2016-08-03 04:39:17 806912 ----a-w- C:\Windows\SysWow64\WSShared.dll
2016-08-03 04:39:13 247808 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-03 04:39:08 846848 ----a-w- C:\Windows\SysWow64\NaturalLanguage6.dll
2016-08-03 04:39:08 151552 ----a-w- C:\Windows\SysWow64\WSClient.dll
2016-08-03 04:39:05 5448704 ----a-w- C:\Windows\System32\aclui.dll
2016-08-03 04:39:02 153088 ----a-w- C:\Windows\SysWow64\WSSync.dll
2016-08-03 04:38:48 51200 ----a-w- C:\Windows\System32\Windows.Shell.Search.UriHandler.dll
2016-08-03 04:38:39 110080 ----a-w- C:\Windows\System32\IdCtrls.dll
2016-08-03 04:38:33 819712 ----a-w- C:\Windows\System32\licensingdiag.exe
.
============= FINISH: 19:29:29,56 ===============

Re: Please check my log (unwanted pages launching in the bro

Posted: 14 Sep 2016 19:01
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
The scan will run and then a log will appear; paste it here.

Re: Please check my log (unwanted pages launching in the bro

Posted: 15 Sep 2016 13:58
by marmulak
I'm attaching the AdwCleaner log from after scanning and cleaning; pages such as:
ru.aliexpress.com
http://chain-reaction-pro.co/ref/cr06
http://thirafsleb-si.ru/?token=v7rfq
http://apytrc.com/apref/6dc3d948-b1fc.....

and the like keep opening at random in Firefox.
Thanks for now.

# AdwCleaner v6.020 - Log soubor vytvořen 15/09/2016 na 14:06:40
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-14.2 [Server]
# Operační systém : Windows 10 Pro (X64)
# Uživatelské jméno : dgm - DESKTOP-7FRIM92
# Beží od : C:\Users\dgm\Desktop\adwcleaner_6.020(1).exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum



***** [ Služby ] *****



***** [ Adresáře ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Klíč smazán:HKU\S-1-5-21-2758356745-1180579949-2161618819-1001\Software\IM
[#] Klíč smazán po restartování:HKCU\Software\IM
[-] Klíč smazán:HKLM\SOFTWARE\HPRewriter
[#] Klíč smazán po restartování:[x64] HKCU\Software\IM


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1141 Bajtů] - [15/09/2016 14:06:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [1384 Bajtů] - [15/09/2016 14:01:52]
C:\AdwCleaner\AdwCleaner[S1].txt - [1708 Bajtů] - [15/09/2016 14:06:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1363 Bajtů] ##########

Re: Please check my log (unwanted pages launching in the bro

Posted: 15 Sep 2016 17:23
by Rudy

Re: Please check my log (unwanted pages launching in the bro

Posted: 15 Sep 2016 18:23
by marmulak
I'm attaching the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by dgm (administrator) on DESKTOP-7FRIM92 (15-09-2016 19:20:00)
Running from C:\Users\dgm\Desktop
Loaded Profiles: dgm (Available Profiles: dgm)
Platform: Windows 10 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(PoloPurple Horsea) C:\Users\dgm\AppData\Roaming\NotepadPlusPlusApp\nppApplication.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\dgm\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2016-08-02] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2758356745-1180579949-2161618819-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2016-08-02] (BitTorrent, Inc.)
HKU\S-1-5-21-2758356745-1180579949-2161618819-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2758356745-1180579949-2161618819-1001\...\Run: [nppApplication] => C:\Users\dgm\AppData\Roaming\NotepadPlusPlusApp\nppApplication.exe [1068032 2016-08-19] (PoloPurple Horsea)
HKU\S-1-5-21-2758356745-1180579949-2161618819-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2758356745-1180579949-2161618819-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Gamma.lnk [2016-08-08]
ShortcutTarget: ColorMunki Gamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Gamma\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunkiPhotoTray.exe.lnk [2016-08-08]
ShortcutTarget: ColorMunkiPhotoTray.exe.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Photo\Tools\ColorMunki Photo Tray.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f11d856a-0791-4a99-93c8-8f2e48e5004a}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2758356745-1180579949-2161618819-1001 -> hxxp://google.com/

FireFox:
========
FF ProfilePath: C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314
FF Homepage: hxxps://www.google.cz/
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: (Flash Block) - C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2016-09-14]
FF Extension: (Menu Wizard) - C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\extensions\s3menu@wizard.xpi [2016-09-14]
FF Extension: (Firefox Hotfix) - C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-14]
FF Extension: (Adblock Plus) - C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-14]
FF Extension: (web_clipper) - C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-09-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 ColorMunkiService; C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe [147968 2009-10-21] (X-Rite Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.18\bin\httpd.exe [29696 2015-12-09] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.11\bin\mysqld.exe [39622144 2016-02-02] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)
R2 xritedeviced; C:\Program Files (x86)\X-Rite\Devices\Services\xritedeviced.exe [130048 2009-10-21] (X-Rite Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 colormunki; C:\Windows\System32\Drivers\colormunki_x64.sys [51600 2007-10-02] (Thesycon GmbH, Germany)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2016-08-02] ()
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [295216 2015-07-10] (Marvell)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 19:20 - 2016-09-15 19:20 - 00013620 _____ C:\Users\dgm\Desktop\FRST.txt
2016-09-15 19:18 - 2016-09-15 19:20 - 00000000 ____D C:\FRST
2016-09-15 19:18 - 2016-09-15 19:16 - 02398720 _____ (Farbar) C:\Users\dgm\Desktop\FRST64.exe
2016-09-15 19:12 - 2016-09-15 19:12 - 00112640 _____ (forum.viry.cz) C:\Users\dgm\Desktop\FRSTLauncher.exe
2016-09-15 18:28 - 2016-09-15 18:29 - 00062496 _____ C:\Users\dgm\Documents\cc_20160915_182854.reg
2016-09-15 18:25 - 2016-09-15 18:25 - 00016148 _____ C:\Windows\system32\DESKTOP-7FRIM92_dgm_HistoryPrediction.bin
2016-09-15 14:00 - 2016-09-15 13:57 - 03861056 _____ C:\Users\dgm\Desktop\adwcleaner_6.020(1).exe
2016-09-15 13:59 - 2016-09-15 14:06 - 00000000 ____D C:\AdwCleaner
2016-09-14 19:59 - 2016-09-14 19:59 - 00000000 ____D C:\Users\dgm\AppData\Roaming\Notepad++
2016-09-14 19:35 - 2016-09-14 19:35 - 00000242 _____ C:\Users\dgm\Desktop\VIRY.CZ • Zobrazit téma - Prosím o kontrolu logu (zpouštění nežádoucích str. v prohlíž.URL
2016-09-14 19:29 - 2016-09-14 19:29 - 00032890 _____ C:\Users\dgm\Desktop\dds.txt
2016-09-14 19:29 - 2016-09-14 19:29 - 00006248 _____ C:\Users\dgm\Desktop\attach.txt
2016-09-14 19:28 - 2016-09-14 19:28 - 00688992 ____R (Swearware) C:\Users\dgm\Desktop\dds.exe
2016-09-14 18:47 - 2016-09-15 19:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-14 18:47 - 2016-09-14 18:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-14 18:47 - 2016-09-14 18:47 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-14 18:47 - 2016-09-14 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-14 18:47 - 2016-09-14 18:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-14 18:47 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-14 18:47 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-14 18:47 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-14 18:45 - 2016-09-14 18:46 - 00000000 ____D C:\Program Files\CCleaner
2016-09-14 18:45 - 2016-09-14 18:45 - 00002866 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-09-14 18:45 - 2016-09-14 18:45 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-14 18:45 - 2016-09-14 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-14 18:43 - 2016-09-14 18:43 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-14 18:43 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-09-14 18:38 - 2016-09-14 19:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-14 18:38 - 2016-09-14 18:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-14 18:38 - 2016-09-14 18:38 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-14 18:38 - 2016-09-14 18:38 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-09-14 18:38 - 2016-09-14 18:38 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-09-14 18:38 - 2016-09-14 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-14 18:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-09-14 18:25 - 2016-09-14 18:25 - 00000000 ____D C:\Users\dgm\Desktop\Původní data aplikace Firefox
2016-09-14 17:56 - 2016-09-14 17:56 - 00000270 __RSH C:\Users\dgm\ntuser.pol
2016-09-14 17:54 - 2016-09-14 17:54 - 00001806 __RSH C:\ProgramData\ntuser.pol
2016-09-14 17:54 - 2016-09-14 17:54 - 00001212 _____ C:\Users\dgm\Desktop\notepad++.lnk
2016-09-14 17:54 - 2016-09-14 17:54 - 00000000 ____D C:\Users\dgm\AppData\Roaming\NotepadPlusPlusApp
2016-09-14 17:53 - 2016-09-14 17:53 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-09-13 15:22 - 2016-09-13 15:22 - 00000000 ____D C:\Program Files\CMAK
2016-09-13 15:22 - 2016-09-13 15:22 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-09-13 15:19 - 2016-09-13 15:19 - 00001009 _____ C:\Users\dgm\Desktop\greenland_2016_work_2 – zástupce.lnk
2016-09-08 19:43 - 2016-09-08 19:43 - 00000000 ____D C:\Users\dgm\AppData\LocalLow\Temp
2016-09-08 18:37 - 2016-09-12 18:49 - 00000000 ____D C:\Users\dgm\AppData\Local\GlobalMapper
2016-09-08 18:36 - 2016-09-14 17:37 - 00000000 ____D C:\Users\dgm\AppData\Local\IIIQF
2016-09-08 06:19 - 2016-09-08 06:19 - 00003334 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-09-08 06:18 - 2016-09-08 06:18 - 00000000 ____D C:\Users\dgm\AppData\Roaming\Skype
2016-09-07 20:11 - 2016-09-07 20:11 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-09-07 20:11 - 2016-09-07 20:11 - 00000000 ____D C:\Users\dgm\AppData\LocalLow\Google
2016-09-07 20:11 - 2016-09-07 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-09-07 18:56 - 2016-09-07 18:56 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-09-07 18:56 - 2016-09-07 18:56 - 00000000 ____D C:\Users\dgm\Evernote
2016-09-07 18:56 - 2016-09-07 18:56 - 00000000 ____D C:\Users\dgm\AppData\LocalLow\Evernote
2016-09-07 18:56 - 2016-09-07 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-09-07 18:56 - 2016-09-07 18:56 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-09-07 18:25 - 2016-09-07 18:27 - 00000000 ____D C:\ProgramData\Oracle
2016-09-07 18:25 - 2016-09-07 18:25 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-09-07 18:25 - 2016-09-07 18:25 - 00000000 ____D C:\Users\dgm\AppData\Roaming\Sun
2016-09-07 18:25 - 2016-09-07 18:25 - 00000000 ____D C:\Users\dgm\.oracle_jre_usage
2016-09-07 18:25 - 2016-09-07 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-05 17:44 - 2016-09-13 15:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-05 15:37 - 2016-09-05 15:37 - 00001090 _____ C:\Users\Public\Desktop\GPSBabel.lnk
2016-09-05 15:37 - 2016-09-05 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSBabel
2016-09-05 15:37 - 2016-09-05 15:37 - 00000000 ____D C:\Program Files (x86)\GPSBabel
2016-09-01 19:48 - 2016-09-01 19:48 - 00001166 _____ C:\Users\dgm\Desktop\GPS Track Editor.lnk
2016-09-01 19:48 - 2016-09-01 19:48 - 00000000 ____D C:\Users\dgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS Track Editor
2016-09-01 19:48 - 2016-09-01 19:48 - 00000000 ____D C:\Program Files (x86)\GPS Track Editor
2016-08-31 20:35 - 2016-08-31 20:35 - 00000000 ____D C:\Users\dgm\AppData\Roaming\Mobile Atlas Creator
2016-08-16 16:16 - 2016-08-16 16:16 - 00001650 _____ C:\Users\dgm\Desktop\BaseCamp.lnk
2016-08-16 15:59 - 2016-08-16 15:59 - 00000000 ____D C:\ProgramData\GARMIN

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 19:20 - 2016-08-02 18:07 - 00000000 ____D C:\Users\dgm\AppData\Roaming\uTorrent
2016-09-15 19:15 - 2016-08-09 19:25 - 00000000 ____D C:\Users\dgm\Desktop\Nová složka
2016-09-15 18:40 - 2016-08-04 20:07 - 00000000 ____D C:\Users\dgm\AppData\Roaming\MPC-HC
2016-09-15 18:39 - 2016-08-08 19:28 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 18:28 - 2016-08-02 17:45 - 00000000 ____D C:\Windows\Panther
2016-09-15 18:28 - 2015-07-10 13:02 - 00000000 ____D C:\Windows\INF
2016-09-15 18:22 - 2016-08-02 17:01 - 01762290 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-15 18:22 - 2015-07-10 18:02 - 00745406 _____ C:\Windows\system32\perfh005.dat
2016-09-15 18:22 - 2015-07-10 18:02 - 00149344 _____ C:\Windows\system32\perfc005.dat
2016-09-15 18:19 - 2016-08-02 17:00 - 00003808 _____ C:\Windows\System32\Tasks\AutoKMS
2016-09-15 18:16 - 2016-08-08 19:28 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 18:15 - 2016-08-02 17:02 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-15 18:15 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-15 18:14 - 2015-07-10 11:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2016-09-15 17:51 - 2016-08-03 18:16 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 14:31 - 2016-08-02 17:46 - 00000000 ____D C:\Windows\system32\MRT
2016-09-15 14:31 - 2015-07-10 18:05 - 00000000 ____D C:\Windows\ShellNew
2016-09-15 14:31 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2016-09-15 14:28 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\rescache
2016-09-15 14:27 - 2016-08-03 17:19 - 00005258 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-7FRIM92-dgm DESKTOP-7FRIM92
2016-09-15 14:27 - 2016-08-02 17:45 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-15 13:48 - 2016-08-02 19:53 - 00000000 ____D C:\Users\dgm\AppData\Local\Adobe
2016-09-14 19:00 - 2015-07-10 18:03 - 00000000 ____D C:\Windows\SKB
2016-09-14 18:52 - 2016-08-02 16:55 - 00000000 ____D C:\Users\dgm
2016-09-14 18:09 - 2016-08-15 18:29 - 00000000 ____D C:\Users\dgm\AppData\Roaming\Garmin
2016-09-14 17:54 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-09-14 17:13 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2016-09-13 15:24 - 2016-08-02 19:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-13 15:24 - 2016-08-02 17:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-13 15:22 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-09-13 15:22 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-09-13 15:22 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-09-13 15:22 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\oobe
2016-09-13 15:22 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-13 15:22 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-13 15:17 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-08 06:19 - 2016-08-02 16:57 - 00002385 _____ C:\Users\dgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-08 06:19 - 2016-08-02 16:57 - 00000000 ___RD C:\Users\dgm\OneDrive
2016-09-07 20:11 - 2016-08-08 19:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-07 18:26 - 2016-08-08 21:20 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-07 18:25 - 2016-08-08 21:20 - 00269888 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-09-07 03:02 - 2015-07-10 13:06 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-07 03:02 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-16 19:17 - 2016-08-15 18:30 - 00000000 ____D C:\Users\dgm\AppData\Local\Garmin
2016-08-16 18:20 - 2016-08-15 19:54 - 00000000 ____D C:\ProgramData\TEMP
2016-08-16 16:12 - 2016-08-02 16:55 - 00000000 ____D C:\Users\dgm\AppData\Local\VirtualStore
2016-08-16 16:00 - 2016-08-15 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-08-16 15:54 - 2016-08-14 13:38 - 00001080 _____ C:\Users\Public\Desktop\GMapTool.lnk
2016-08-16 15:54 - 2016-08-14 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMapTool
2016-08-16 15:54 - 2016-08-14 13:38 - 00000000 ____D C:\Program Files (x86)\GMapTool

==================== Files in the root of some directories =======


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-08 19:17

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:238.47 GB) (Free:193.82 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (D_Raid) (Fixed) (Total:1863.01 GB) (Free:155.51 GB) NTFS
Drive e: (E_Raid_1) (Fixed) (Total:698.63 GB) (Free:415.16 GB) NTFS
Drive f: (G_disk) (Fixed) (Total:698.64 GB) (Free:6.36 GB) NTFS
Drive g: (F_disk) (Fixed) (Total:298.09 GB) (Free:297.92 GB) NTFS
Drive h: (H_Raid) (Fixed) (Total:931.51 GB) (Free:228.66 GB) NTFS
Drive j: () (Removable) (Total:29.05 GB) (Free:11.42 GB) NTFS
Drive x: (X_swap) (Fixed) (Total:111.79 GB) (Free:94.2 GB) NTFS

Available physical RAM: 2298.18 MB
Total physical RAM: 4095.08 MB
Percentage of memory in use: 43%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D306D499)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3373FD60)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5D88F10B)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)
Disk: 3 (Size: 698.6 GB) (Disk ID: 612E1E50)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9E899E89)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: FEDFFEDF)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: ADB599DA)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
Disk: 7 (Size: 29.1 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164 [290]

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\dgm\Desktop" je 94 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Please check my log (unwanted pages launching in the bro

Posted: 15 Sep 2016 19:27
by Rudy
Open Notepad and copy the following into it:
Start
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164 [290]
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Please check my log (unwanted pages launching in the bro

Posted: 15 Sep 2016 19:32
by marmulak
I am attaching the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-09-2016
Ran by dgm (15-09-2016 20:30:50) Run:1
Running from C:\Users\dgm\Desktop
Loaded Profiles: dgm (Available Profiles: dgm)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164 [290]
End
*****************

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\TEMP => ":5F64C164" ADS removed successfully.

==== End of Fixlog 20:30:50 ====

Re: Please check my log (unwanted pages launching in the bro

Posted: 15 Sep 2016 19:35
by Rudy
Deleted. Has anything changed?

Re: Please check my log (unwanted pages launching in the bro

Posted: 19 Sep 2016 16:19
by marmulak
Hello, unfortunately not. In the attachment I am sending a screenshot of the Firefox history, which shows the unwanted pages that are opened regularly.
I have google.com set as my home page.
Thanks for now.

Re: Please check my log (unwanted pages launching in the bro

Posted: 19 Sep 2016 17:38
by Rudy
Run these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch the licence terms are displayed; press any key
• A backup is created and then the search follows
• The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: Please check my log (unwanted pages launching in the bro

Posted: 19 Sep 2016 19:47
by marmulak
I am attaching the scans.
Thanks for now.

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by dgm on 19.09.2016 at 19:43:00,33.
Microsoft Windows 10 Pro 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dgm\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.09.2016 19:43:41 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Nalpeiron deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\dgm\AppData\Local\NetworkTiles deleted successfully
C:\Users\dgm\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2758356745-1180579949-2161618819-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz/");
user_pref("services.sync.prefs.sync.browser.search.selectedEngine", true);

Added to C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\My Program deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\dgm\AppData\Roaming\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314
- <--Block site--> - %ProfilePath%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
- Undetermined - %ProfilePath%\extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- Menu Wizard - %ProfilePath%\extensions\s3menu@wizard.xpi
- Flash Block - %ProfilePath%\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- web_clipper - %ProfilePath%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dgm\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dgm\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dgm\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\dgm\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\dgm\AppData\Local\Mozilla\Firefox\Profiles\dklcazrp.default-1473870339314\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=42 folders=50 43894863 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\dgm\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 19.09.2016 at 20:01:12,20 ======================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64
Ran by dgm (Administrator) on 19.09.2016 at 20:19:21,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2016 at 20:20:19,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Please check my log (unwanted pages launching in the bro

Posted: 19 Sep 2016 19:52
by Rudy
How does it look now?

Re: Please check my log (unwanted pages launching in the bro

Posted: 20 Sep 2016 15:31
by marmulak
Hello, unfortunately the same pages come up after starting Firefox; after restarting the PC and starting Firefox practically right away, then randomly while working.
They are the same pages as I listed in the attachment to my earlier post.
Regards, M.

Re: Please check my log (unwanted pages launching in the bro

Posted: 20 Sep 2016 18:00
by Rudy
Back up FF using MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Then uninstall FF including its profile (the Mozilla subdirectories in c:\users\dgm\appdata\local, c:\users\dgm\appdata\roaming, c:\users\dgm\data aplikací, c:\users\dgm\local settings and in c:\program data must be deleted). Perform a new, clean installation of Firefox and copy back from the backup only the bookmarks and passwords.

Re: Please check my log (unwanted pages launching in the bro

Posted: 21 Sep 2016 15:41
by marmulak
Hello, unfortunately without success.
I uninstalled Firefox via Win 10, remove programs.
Deleted the Mozilla folder in Program Files.
Deleted the Mozilla and Firefox folders in Application Data.
Cleaned out all possible cookies, history, passwords etc. with CCleaner.
Downloaded a new Firefox installer.
Installed it and have not restored anything from the original preferences yet, left just the clean installation, and again those familiar pages - see attachment, screenshot of the Firefox history.
Regards, M.