Advertising panels open on some web pages

Posted: 11 Dec 2016 11:44
by Ivošisko
When working on some pages, advertising panels open. I would therefore like to ask for a check of the FRST log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Ivo Brož (administrator) on BROZ-NB (11-12-2016 11:28:56)
Running from C:\Users\Ivo Brož\Desktop
Loaded Profiles: Ivo Brož (Available Profiles: Ivo Brož)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Atomic Alarm Clock\timeserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(BitTorrent, Inc.) C:\Users\Ivo Brož\AppData\Roaming\uTorrent\utorrent.exe
() C:\Users\Ivo Brož\Disk Mega\Správce\Timery\AlphaClock\aclock.exe
(Drive Software Company) C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Winstep Software Technologies) C:\Program Files\Winstep\WsxService.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Winstep Software Technologies) C:\Program Files\Winstep\Nexus.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(Mega Limited) C:\Users\Ivo Brož\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_111\launch4j-tmp\frd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2015-12-07] (Realtek Semiconductor)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2009-04-01] (ASUS)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1004064 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2015-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm106Sound] => RunDll32 cm106.cpl,CMICtrlWnd
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-26] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [uTorrent] => C:\Users\Ivo Brož\AppData\Roaming\uTorrent\utorrent.exe [416168 2015-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [Alpha Clock] => C:\Users\Ivo Brož\Disk Mega\Správce\Timery\AlphaClock\aclock.exe [69120 2003-10-23] ()
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [3621376 2016-03-22] (Drive Software Company)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1021736 2016-01-08] (Samsung)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [Nexus] => C:\Program Files\Winstep\Nexus.exe [13556352 2016-12-09] (Winstep Software Technologies)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [NeXuS-Ultimate] => C:\Program Files\Winstep\Nexus.exe [13556352 2016-12-09] (Winstep Software Technologies)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23819048 2016-11-11] (Google)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\MountPoints2: {e9e3f691-99c8-11e5-85a1-002243c6c20d} - E:\sources\SetupError.exe x64
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ivo Brož\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-30] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ivo Brož\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-30] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ivo Brož\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USB Multi-Channel Audio Device – zástupce.lnk [2016-01-20]
ShortcutTarget: USB Multi-Channel Audio Device – zástupce.lnk -> (No File)
Startup: C:\Users\Ivo Brož\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.9u4.lnk [2016-02-24]
ShortcutTarget: FreeRapid 0.9u4.lnk -> C:\Frd\frd.exe (Vity)
Startup: C:\Users\Ivo Brož\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-11-30]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Ivo Brož\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{8F985A02-AFC7-4F31-9AEB-B906A326FEEF}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{E4F7D5EC-A14C-4D43-80CC-AD22C07F8A51}: [DhcpNameServer] 10.10.15.1 10.10.15.10

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131230232319602000&GUID=8055860F-EFF5-4C63-9C53-171B90716F95
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
SearchScopes: HKU\S-1-5-21-698314851-3235763532-1396065412-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-11] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rxbgig8q.default
FF ProfilePath: C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default [2016-12-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rxbgig8q.default -> Yahoo®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\rxbgig8q.default -> Yahoo®
FF Homepage: Mozilla\Firefox\Profiles\rxbgig8q.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\rxbgig8q.default -> is enabled.
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\artur.dubovoy@gmail.com [2016-11-13]
FF Extension: (Facefont) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\facefont@mc.com [2016-08-06]
FF Extension: (FaviconizeTab) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2016-11-17]
FF Extension: (IdentFavIcon) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\identfavicon@david.hanak.hu.xpi [2016-11-17]
FF Extension: (Big Emo For Facebook) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\jid0-3w5IeNyk2A0kYZWgtBwRAxwtyTo@jetpack.xpi [2016-07-19]
FF Extension: (Pin It button) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-07-19]
FF Extension: (Print Edit) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\printedit@DW-dev.xpi [2016-11-26]
FF Extension: (Save as PDF) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-08-06]
FF Extension: (pdfit) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\service@touchpdf.com.xpi [2016-08-06]
FF Extension: (FxIF) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2016-08-06]
FF Extension: (FireTray) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{9533f794-00b4-4354-aa15-c2bbda6989f8} [2016-08-06]
FF Extension: (SaveLink) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{BAFDF624-6BFC-4179-BE0A-925BC15ECFBA}.xpi [2016-08-07]
FF Extension: (Adblock Plus) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Tab Mix Plus) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-28]
FF Extension: (Web2PDF converter) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2016-08-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-07] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Windows\system32\npdeployJava1.dll [2016-12-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-11] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-28] (Dropbox, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [931200 2016-02-17] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [104200 2016-08-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-08-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [191200 2016-01-08] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [3105280 2012-10-04] (C-Media Electronics Inc)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 11:28 - 2016-12-11 11:29 - 00020561 _____ C:\Users\Ivo Brož\Desktop\FRST.txt
2016-12-11 11:28 - 2016-12-11 11:28 - 00000000 ____D C:\FRST
2016-12-11 11:25 - 2016-12-11 11:26 - 01761792 _____ (Farbar) C:\Users\Ivo Brož\Desktop\FRST.exe
2016-12-11 11:03 - 2016-12-11 11:01 - 00908352 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2016-12-11 11:03 - 2016-12-11 11:01 - 00826432 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2016-12-11 11:02 - 2016-12-11 11:02 - 00000000 ____D C:\Program Files\Common Files\Java
2016-12-11 11:01 - 2016-12-11 11:01 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-12-11 11:01 - 2016-12-11 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-11 09:56 - 2016-12-11 09:56 - 00278174 _____ C:\Users\Ivo Brož\Desktop\FN ZPS 8 - 20.pdf
2016-12-11 07:38 - 2016-12-11 07:38 - 00000000 ___HD C:\OneDriveTemp
2016-12-09 03:58 - 2016-12-09 03:58 - 79114461 _____ C:\Users\Ivo Brož\Desktop\Neo-Matrix_1.mp4
2016-12-09 03:33 - 2016-12-09 03:33 - 11322632 _____ C:\Users\Ivo Brož\Desktop\Neo-Matrix_2.mp4
2016-12-02 22:20 - 2016-12-02 22:20 - 01225577 _____ C:\Users\Ivo Brož\Desktop\Žicer.mp4
2016-12-02 09:50 - 2016-12-02 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-01 22:24 - 2016-12-01 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-01 03:18 - 2016-12-01 03:18 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Malý motor
2016-12-01 03:17 - 2016-12-01 03:17 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Ozubená tyč
2016-11-30 18:43 - 2016-12-11 07:38 - 00000000 ___RD C:\Users\Ivo Brož\OneDrive
2016-11-30 18:08 - 2016-11-30 18:08 - 00001989 _____ C:\Users\Ivo Brož\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-30 18:08 - 2016-11-30 18:08 - 00001928 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-30 18:08 - 2016-11-30 18:08 - 00001928 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-30 18:08 - 2016-11-30 18:08 - 00000000 ____D C:\Program Files\Microsoft OneDrive
2016-11-30 18:07 - 2016-11-30 18:07 - 00000000 ____D C:\Users\Ivo Brož\AppData\Roaming\Skype
2016-11-30 18:07 - 2016-11-30 18:07 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-28 15:05 - 2016-11-28 15:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-28 15:05 - 2016-11-28 15:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-28 15:05 - 2016-11-28 15:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-28 15:05 - 2016-11-28 15:05 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-23 01:26 - 2016-11-30 22:15 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Obrázkové recepty
2016-11-22 15:55 - 2016-12-02 10:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-11-20 22:28 - 2016-11-20 22:28 - 74962220 _____ C:\Users\Ivo Brož\Desktop\_Symphonie pour un violon_ par ALAINJUNO (Artiste Peintre).mp4
2016-11-19 15:13 - 2016-11-19 15:14 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Zuzka
2016-11-17 10:32 - 2016-12-11 11:05 - 00000000 ____D C:\Users\Ivo Brož\AppData\LocalLow\Mozilla
2016-11-16 13:19 - 2016-12-11 11:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-16 00:21 - 2016-11-16 00:23 - 00000000 ____D C:\Users\Ivo Brož\Desktop\vyprazdnovani tlusteho streva
2016-11-12 03:47 - 2016-11-12 03:47 - 00028383 _____ C:\Users\Ivo Brož\Documents\formulář-1.xlsm
2016-11-12 03:15 - 2016-11-12 03:15 - 00044032 _____ C:\Users\Ivo Brož\Documents\indikator_pro_Koju.xls
2016-11-12 03:06 - 2016-11-12 03:06 - 00129024 _____ C:\Users\Ivo Brož\Documents\excel_prvky.xls
2016-11-11 12:52 - 2016-11-11 12:53 - 00011077 _____ C:\Users\Ivo Brož\Documents\Test - třídění.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 11:28 - 2015-12-09 17:18 - 00000000 ____D C:\Users\Ivo Brož\AppData\Roaming\uTorrent
2016-12-11 11:24 - 2015-12-07 20:47 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-11 11:22 - 2016-07-28 21:17 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-11 11:20 - 2016-11-05 09:02 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-11 11:04 - 2016-01-21 12:38 - 00000000 ____D C:\ProgramData\Oracle
2016-12-11 11:01 - 2016-02-23 20:58 - 00269888 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-12-11 11:01 - 2016-01-21 12:38 - 00000000 ____D C:\Program Files\Java
2016-12-11 10:57 - 2016-10-30 10:53 - 00000000 ____D C:\Users\Ivo Brož\.rainlendar2
2016-12-11 09:36 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-11 09:36 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-11 07:39 - 2015-12-09 15:48 - 00000000 ___RD C:\Users\Ivo Brož\Dropbox
2016-12-11 07:38 - 2015-12-16 03:11 - 00000000 ___RD C:\Users\Ivo Brož\Disk Google
2016-12-11 07:37 - 2016-07-28 21:17 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-11 07:36 - 2016-11-05 09:02 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-11 07:36 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-11 05:21 - 2015-12-03 15:08 - 00002871 _____ C:\Windows\bthservsdp.dat
2016-12-11 05:21 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-09 20:23 - 2016-02-24 21:04 - 00000000 ____D C:\Users\Ivo Brož\AppData\Local\CrashDumps
2016-12-09 05:05 - 2016-09-24 10:07 - 00000647 _____ C:\Users\Ivo Brož\Documents\Winstep.lnk
2016-12-09 05:05 - 2016-09-24 10:07 - 00000000 ____D C:\Users\Public\Documents\Winstep
2016-12-09 05:05 - 2016-09-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winstep
2016-12-09 05:05 - 2016-09-24 10:07 - 00000000 ____D C:\Program Files\Winstep
2016-12-04 06:55 - 2015-12-03 10:46 - 00000680 _____ C:\Users\Ivo Brož\AppData\Local\d3d9caps.dat
2016-12-03 12:24 - 2016-11-09 14:19 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Roztřídit
2016-12-02 17:23 - 2015-12-10 22:50 - 00000132 _____ C:\Users\Ivo Brož\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2016-12-02 10:43 - 2015-12-07 14:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-02 09:50 - 2015-12-16 03:08 - 00000000 ____D C:\Users\Ivo Brož\AppData\Local\Google
2016-12-01 22:25 - 2015-12-09 15:43 - 00000000 ____D C:\Program Files\Dropbox
2016-12-01 22:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-12-01 01:41 - 2016-01-22 18:41 - 00000000 ____D C:\Users\Ivo Brož\AppData\Roaming\AIMP3
2016-12-01 01:39 - 2016-07-15 20:43 - 00000811 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-30 18:46 - 2015-12-03 10:46 - 00000000 ____D C:\Users\Ivo Brož
2016-11-30 06:05 - 2016-01-29 18:15 - 00000000 ____D C:\Users\Ivo Brož\AppData\Local\MEGAsync
2016-11-17 21:20 - 2016-11-09 01:19 - 00071680 _____ C:\Users\Ivo Brož\Documents\Výdaje.xls
2016-11-15 13:17 - 2008-04-17 13:36 - 00644548 _____ C:\Windows\system32\perfh005.dat
2016-11-15 13:17 - 2008-04-17 13:36 - 00137186 _____ C:\Windows\system32\perfc005.dat
2016-11-15 13:17 - 2006-11-02 11:33 - 01530430 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-12-10 22:50 - 2016-12-02 17:23 - 0000132 _____ () C:\Users\Ivo Brož\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2015-12-10 19:20 - 2015-12-10 19:20 - 0023888 _____ () C:\Users\Ivo Brož\AppData\Roaming\UserTile.png
2015-12-03 10:46 - 2016-12-04 06:55 - 0000680 _____ () C:\Users\Ivo Brož\AppData\Local\d3d9caps.dat
2015-12-04 03:15 - 2016-02-20 07:36 - 0109160 _____ () C:\ProgramData\nvModes.001
2015-12-04 03:15 - 2016-02-20 07:36 - 0109160 _____ () C:\ProgramData\nvModes.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-11 07:42

==================== End of FRST.txt ============================

Re: Advertising panels open on some web pages

Posted: 11 Dec 2016 12:04
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: Advertising panels open on some web pages

Posted: 11 Dec 2016 12:21
by Ivošisko
Thanks for responding to my call for "HELP" - here is the log:


# AdwCleaner v6.040 - Log vytvořen 11/12/2016 v 12:12:23
# Aktualizováno dne 02/12/2016 z Malwarebytes
# Databáze : 2016-12-11.2 [Server]
# Operační systém : Windows Vista (TM) Business Service Pack 2 (X86)
# Uživatelské jméno : Ivo Brož - BROZ-NB
# Spuštěno z : C:\Users\Ivo Brož\Desktop\adwcleaner_6.040.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\HPReyos


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [868 Bajty] - [11/12/2016 12:12:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [1379 Bajty] - [11/12/2016 12:12:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1013 Bajty] ##########

Re: Advertising panels open on some web pages

Posted: 11 Dec 2016 15:01
by Rudy
Post a new FRST log.

Re: Advertising panels open on some web pages

Posted: 11 Dec 2016 15:09
by Ivošisko
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Ivo Brož (administrator) on BROZ-NB (11-12-2016 15:06:01)
Running from C:\Users\Ivo Brož\Desktop
Loaded Profiles: Ivo Brož (Available Profiles: Ivo Brož)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\Atomic Alarm Clock\timeserv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Winstep Software Technologies) C:\Program Files\Winstep\WsxService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(BitTorrent, Inc.) C:\Users\Ivo Brož\AppData\Roaming\uTorrent\utorrent.exe
() C:\Users\Ivo Brož\Disk Mega\Správce\Timery\AlphaClock\aclock.exe
(Drive Software Company) C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Winstep Software Technologies) C:\Program Files\Winstep\Nexus.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Mega Limited) C:\Users\Ivo Brož\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_111\launch4j-tmp\frd.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2015-12-07] (Realtek Semiconductor)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2009-04-01] (ASUS)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1004064 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2015-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Cm106Sound] => RunDll32 cm106.cpl,CMICtrlWnd
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-26] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2739240 2015-11-13] ()
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [uTorrent] => C:\Users\Ivo Brož\AppData\Roaming\uTorrent\utorrent.exe [416168 2015-02-22] (BitTorrent, Inc.)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [Alpha Clock] => C:\Users\Ivo Brož\Disk Mega\Správce\Timery\AlphaClock\aclock.exe [69120 2003-10-23] ()
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [3621376 2016-03-22] (Drive Software Company)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1572648 2016-01-08] (Samsung)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1021736 2016-01-08] (Samsung)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [Nexus] => C:\Program Files\Winstep\Nexus.exe [13556352 2016-12-09] (Winstep Software Technologies)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [NeXuS-Ultimate] => C:\Program Files\Winstep\Nexus.exe [13556352 2016-12-09] (Winstep Software Technologies)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23819048 2016-11-11] (Google)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\MountPoints2: {e9e3f691-99c8-11e5-85a1-002243c6c20d} - E:\sources\SetupError.exe x64
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ivo Brož\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-30] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ivo Brož\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-30] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ivo Brož\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\USB Multi-Channel Audio Device – zástupce.lnk [2016-01-20]
ShortcutTarget: USB Multi-Channel Audio Device – zástupce.lnk -> (No File)
Startup: C:\Users\Ivo Brož\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.9u4.lnk [2016-02-24]
ShortcutTarget: FreeRapid 0.9u4.lnk -> C:\Frd\frd.exe (Vity)
Startup: C:\Users\Ivo Brož\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-11-30]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Ivo Brož\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{8F985A02-AFC7-4F31-9AEB-B906A326FEEF}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{E4F7D5EC-A14C-4D43-80CC-AD22C07F8A51}: [DhcpNameServer] 10.10.15.1 10.10.15.10

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131230232319602000&GUID=8055860F-EFF5-4C63-9C53-171B90716F95
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
SearchScopes: HKU\S-1-5-21-698314851-3235763532-1396065412-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-11] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rxbgig8q.default
FF ProfilePath: C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default [2016-12-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\rxbgig8q.default -> Yahoo®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\rxbgig8q.default -> Yahoo®
FF Homepage: Mozilla\Firefox\Profiles\rxbgig8q.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\rxbgig8q.default -> is enabled.
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\artur.dubovoy@gmail.com [2016-11-13]
FF Extension: (Facefont) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\facefont@mc.com [2016-08-06]
FF Extension: (FaviconizeTab) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2016-11-17]
FF Extension: (IdentFavIcon) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\identfavicon@david.hanak.hu.xpi [2016-11-17]
FF Extension: (Big Emo For Facebook) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\jid0-3w5IeNyk2A0kYZWgtBwRAxwtyTo@jetpack.xpi [2016-07-19]
FF Extension: (Pin It button) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-07-19]
FF Extension: (Print Edit) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\printedit@DW-dev.xpi [2016-11-26]
FF Extension: (Save as PDF) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-08-06]
FF Extension: (pdfit) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\service@touchpdf.com.xpi [2016-08-06]
FF Extension: (FxIF) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2016-08-06]
FF Extension: (FireTray) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{9533f794-00b4-4354-aa15-c2bbda6989f8} [2016-08-06]
FF Extension: (SaveLink) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{BAFDF624-6BFC-4179-BE0A-925BC15ECFBA}.xpi [2016-08-07]
FF Extension: (Adblock Plus) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Tab Mix Plus) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-28]
FF Extension: (Web2PDF converter) - C:\Users\Ivo Brož\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2016-08-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-12-07] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Windows\system32\npdeployJava1.dll [2016-12-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-11] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-28] (Dropbox, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [931200 2016-02-17] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [104200 2016-08-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-08-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114368 2015-10-08] (Power Software Ltd)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [191200 2016-01-08] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [3105280 2012-10-04] (C-Media Electronics Inc)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 12:15 - 2016-12-11 12:15 - 00000000 ___HD C:\OneDriveTemp
2016-12-11 12:10 - 2016-12-11 12:12 - 00000000 ____D C:\AdwCleaner
2016-12-11 12:08 - 2016-12-11 12:08 - 03968464 _____ C:\Users\Ivo Brož\Desktop\adwcleaner_6.040.exe
2016-12-11 11:43 - 2016-12-11 11:43 - 00010295 _____ C:\Users\Ivo Brož\Desktop\Addition.rar
2016-12-11 11:29 - 2016-12-11 11:31 - 00042593 _____ C:\Users\Ivo Brož\Desktop\Addition.txt
2016-12-11 11:28 - 2016-12-11 15:06 - 00020240 _____ C:\Users\Ivo Brož\Desktop\FRST.txt
2016-12-11 11:28 - 2016-12-11 15:06 - 00000000 ____D C:\FRST
2016-12-11 11:25 - 2016-12-11 11:26 - 01761792 _____ (Farbar) C:\Users\Ivo Brož\Desktop\FRST.exe
2016-12-11 11:03 - 2016-12-11 11:01 - 00908352 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2016-12-11 11:03 - 2016-12-11 11:01 - 00826432 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2016-12-11 11:02 - 2016-12-11 11:02 - 00000000 ____D C:\Program Files\Common Files\Java
2016-12-11 11:01 - 2016-12-11 11:01 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-12-11 11:01 - 2016-12-11 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-11 09:56 - 2016-12-11 09:56 - 00278174 _____ C:\Users\Ivo Brož\Desktop\FN ZPS 8 - 20.pdf
2016-12-09 03:58 - 2016-12-09 03:58 - 79114461 _____ C:\Users\Ivo Brož\Desktop\Neo-Matrix_1.mp4
2016-12-09 03:33 - 2016-12-09 03:33 - 11322632 _____ C:\Users\Ivo Brož\Desktop\Neo-Matrix_2.mp4
2016-12-02 22:20 - 2016-12-02 22:20 - 01225577 _____ C:\Users\Ivo Brož\Desktop\Žicer.mp4
2016-12-02 09:50 - 2016-12-02 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-01 22:24 - 2016-12-01 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-01 03:18 - 2016-12-01 03:18 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Malý motor
2016-12-01 03:17 - 2016-12-01 03:17 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Ozubená tyč
2016-11-30 18:43 - 2016-12-11 14:19 - 00000000 ___RD C:\Users\Ivo Brož\OneDrive
2016-11-30 18:08 - 2016-11-30 18:08 - 00001989 _____ C:\Users\Ivo Brož\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-30 18:08 - 2016-11-30 18:08 - 00001928 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-30 18:08 - 2016-11-30 18:08 - 00001928 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-11-30 18:08 - 2016-11-30 18:08 - 00000000 ____D C:\Program Files\Microsoft OneDrive
2016-11-30 18:07 - 2016-11-30 18:07 - 00000000 ____D C:\Users\Ivo Brož\AppData\Roaming\Skype
2016-11-30 18:07 - 2016-11-30 18:07 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-28 15:05 - 2016-11-28 15:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-28 15:05 - 2016-11-28 15:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-28 15:05 - 2016-11-28 15:05 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-28 15:05 - 2016-11-28 15:05 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-23 01:26 - 2016-11-30 22:15 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Obrázkové recepty
2016-11-22 15:55 - 2016-12-02 10:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2016-11-20 22:28 - 2016-11-20 22:28 - 74962220 _____ C:\Users\Ivo Brož\Desktop\_Symphonie pour un violon_ par ALAINJUNO (Artiste Peintre).mp4
2016-11-19 15:13 - 2016-11-19 15:14 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Zuzka
2016-11-17 10:32 - 2016-12-11 15:05 - 00000000 ____D C:\Users\Ivo Brož\AppData\LocalLow\Mozilla
2016-11-16 13:19 - 2016-12-11 11:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-16 00:21 - 2016-11-16 00:23 - 00000000 ____D C:\Users\Ivo Brož\Desktop\vyprazdnovani tlusteho streva
2016-11-12 03:47 - 2016-11-12 03:47 - 00028383 _____ C:\Users\Ivo Brož\Documents\formulář-1.xlsm
2016-11-12 03:15 - 2016-11-12 03:15 - 00044032 _____ C:\Users\Ivo Brož\Documents\indikator_pro_Koju.xls
2016-11-12 03:06 - 2016-11-12 03:06 - 00129024 _____ C:\Users\Ivo Brož\Documents\excel_prvky.xls
2016-11-11 12:52 - 2016-11-11 12:53 - 00011077 _____ C:\Users\Ivo Brož\Documents\Test - třídění.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 15:03 - 2016-10-30 10:53 - 00000000 ____D C:\Users\Ivo Brož\.rainlendar2
2016-12-11 14:58 - 2015-12-09 17:18 - 00000000 ____D C:\Users\Ivo Brož\AppData\Roaming\uTorrent
2016-12-11 14:24 - 2015-12-07 20:47 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-11 14:22 - 2016-07-28 21:17 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-11 14:21 - 2015-12-16 03:11 - 00000000 ___RD C:\Users\Ivo Brož\Disk Google
2016-12-11 14:21 - 2015-12-09 15:48 - 00000000 ___RD C:\Users\Ivo Brož\Dropbox
2016-12-11 14:20 - 2016-11-05 09:02 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-11 14:18 - 2016-11-05 09:02 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-11 14:18 - 2016-07-28 21:17 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-11 14:18 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-11 14:18 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-11 14:18 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-11 12:15 - 2015-12-03 10:46 - 00000680 _____ C:\Users\Ivo Brož\AppData\Local\d3d9caps.dat
2016-12-11 12:12 - 2015-12-03 15:08 - 00002871 _____ C:\Windows\bthservsdp.dat
2016-12-11 12:12 - 2006-11-02 14:01 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-11 11:04 - 2016-01-21 12:38 - 00000000 ____D C:\ProgramData\Oracle
2016-12-11 11:01 - 2016-02-23 20:58 - 00269888 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-12-11 11:01 - 2016-01-21 12:38 - 00000000 ____D C:\Program Files\Java
2016-12-09 20:23 - 2016-02-24 21:04 - 00000000 ____D C:\Users\Ivo Brož\AppData\Local\CrashDumps
2016-12-09 05:05 - 2016-09-24 10:07 - 00000647 _____ C:\Users\Ivo Brož\Documents\Winstep.lnk
2016-12-09 05:05 - 2016-09-24 10:07 - 00000000 ____D C:\Users\Public\Documents\Winstep
2016-12-09 05:05 - 2016-09-24 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winstep
2016-12-09 05:05 - 2016-09-24 10:07 - 00000000 ____D C:\Program Files\Winstep
2016-12-03 12:24 - 2016-11-09 14:19 - 00000000 ____D C:\Users\Ivo Brož\Desktop\Roztřídit
2016-12-02 17:23 - 2015-12-10 22:50 - 00000132 _____ C:\Users\Ivo Brož\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2016-12-02 10:43 - 2015-12-07 14:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-02 09:50 - 2015-12-16 03:08 - 00000000 ____D C:\Users\Ivo Brož\AppData\Local\Google
2016-12-01 22:25 - 2015-12-09 15:43 - 00000000 ____D C:\Program Files\Dropbox
2016-12-01 22:24 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-12-01 01:41 - 2016-01-22 18:41 - 00000000 ____D C:\Users\Ivo Brož\AppData\Roaming\AIMP3
2016-12-01 01:39 - 2016-07-15 20:43 - 00000811 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-30 18:46 - 2015-12-03 10:46 - 00000000 ____D C:\Users\Ivo Brož
2016-11-30 06:05 - 2016-01-29 18:15 - 00000000 ____D C:\Users\Ivo Brož\AppData\Local\MEGAsync
2016-11-17 21:20 - 2016-11-09 01:19 - 00071680 _____ C:\Users\Ivo Brož\Documents\Výdaje.xls
2016-11-15 13:17 - 2008-04-17 13:36 - 00644548 _____ C:\Windows\system32\perfh005.dat
2016-11-15 13:17 - 2008-04-17 13:36 - 00137186 _____ C:\Windows\system32\perfc005.dat
2016-11-15 13:17 - 2006-11-02 11:33 - 01530430 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-12-10 22:50 - 2016-12-02 17:23 - 0000132 _____ () C:\Users\Ivo Brož\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2015-12-10 19:20 - 2015-12-10 19:20 - 0023888 _____ () C:\Users\Ivo Brož\AppData\Roaming\UserTile.png
2015-12-03 10:46 - 2016-12-11 12:15 - 0000680 _____ () C:\Users\Ivo Brož\AppData\Local\d3d9caps.dat
2015-12-04 03:15 - 2016-02-20 07:36 - 0109160 _____ () C:\ProgramData\nvModes.001
2015-12-04 03:15 - 2016-02-20 07:36 - 0109160 _____ () C:\ProgramData\nvModes.dat

Some files in TEMP:
====================
C:\Users\Ivo Brož\AppData\Local\Temp\libeay32.dll
C:\Users\Ivo Brož\AppData\Local\Temp\msvcr120.dll
C:\Users\Ivo Brož\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-11 14:27

==================== End of FRST.txt ============================

Re: Advertising panels open on some webpages

Posted: 11 Dec 2016 15:57
by Rudy
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\MountPoints2: {e9e3f691-99c8-11e5-85a1-002243c6c20d} - E:\sources\SetupError.exe x64
ShortcutTarget: USB Multi-Channel Audio Device – zástupce.lnk -> (No File)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Ivo Brož\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Advertising panels open on some webpages

Posted: 11 Dec 2016 16:16
by Ivošisko
I can't tell yet whether we were successful - once an advertising panel opens and I close it, it doesn't act up for an hour or so - it always happens only after some delay :o


Fix result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by Ivo Brož (11-12-2016 16:02:29) Run:1
Running from C:\Users\Ivo Brož\Desktop
Loaded Profiles: Ivo Brož (Available Profiles: Ivo Brož)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-698314851-3235763532-1396065412-1000\...\MountPoints2: {e9e3f691-99c8-11e5-85a1-002243c6c20d} - E:\sources\SetupError.exe x64
ShortcutTarget: USB Multi-Channel Audio Device – zástupce.lnk -> (No File)
GroupPolicy: Restriction - Windows Defender <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Ivo Brož\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
"HKU\S-1-5-21-698314851-3235763532-1396065412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e3f691-99c8-11e5-85a1-002243c6c20d}" => key removed successfully.
HKCR\CLSID\{e9e3f691-99c8-11e5-85a1-002243c6c20d} => key not found.
ShortcutTarget: USB Multi-Channel Audio Device – zástupce.lnk -> (No File) => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully

"C:\Users\Ivo Brož\AppData\Local\Temp" folder move:

Could not move "C:\Users\Ivo Brož\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12948752 B
Java, Flash, Steam htmlcache => 1984 B
Windows/system/drivers => 2554254 B
Edge => 0 B
Chrome => 0 B
Firefox => 387362170 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82733 B
LocalService => 0 B
NetworkService => 134675888 B
Ivo Brož => 118764624 B

RecycleBin => 1199523234 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-12-2016 16:05:32)

C:\Users\Ivo Brož\AppData\Local\Temp => moved successfully

==== End of Fixlog 16:05:39 ====

Re: Ad panels opening on some web pages

Posted: 11 Dec 2016 16:54
by Rudy
Deleted. Has anything changed?

Re: Ad panels opening on some web pages

Posted: 11 Dec 2016 16:55
by Ivošisko
It is still happening :(

Re: Ad panels opening on some web pages

Posted: 11 Dec 2016 17:03
by Rudy
Run these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop

If you are using Win Vista or W7, right-click Zoek and choose Run As Administrator or "Spustit jako správce"
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch the license terms are displayed; press any key
•A backup is created and the search then begins
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Re: Ad panels opening on some web pages

Posted: 11 Dec 2016 18:41
by Ivošisko
For now FF looks as if the problem has been removed, but I can't say whether that is down to the delay or to the little bugger really having been removed (in the sense of the remark in the post at 4:16 pm)



ZOEK

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Ivo Bro§ on ne 11.12.2016 at 17:29:21.09.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\IVOBRO~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.12.2016 17:30:19 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\GRETECH deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Yahoo®");
user_pref("browser.search.selectedEngine", "Yahoo®");

Added to C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\prefs.js:

Deleted from C:\Users\IVOBRO~1\AppData\Roaming\Thunderbird\Profiles\c7ccurqu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\IVOBRO~1\AppData\Roaming\Thunderbird\Profiles\c7ccurqu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_11.12.2016_1743_.backup

ProfilePath: C:\Users\IVOBRO~1\AppData\Roaming\Thunderbird\Profiles\c7ccurqu.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_11.12.2016_1743_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\GRETECH not found
C:\found.000 deleted
C:\PROGRA~2\Kingsoft deleted
C:\Windows\system32\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\Windows\system32\GroupPolicy\Adm deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\jetpack deleted
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\extensions\artur.dubovoy@gmail.com deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\IVOBRO~1\AppData\Roaming\Thunderbird\Profiles\c7ccurqu.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [07.12.2015 08:11]

==== Firefox Extensions ======================

ProfilePath: C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default
- Undetermined - C:\Users\Ivo BroĹľ\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\extensions\{9533f794-00b4-4354-aa15-c2bbda6989f8}
- Facefont - %ProfilePath%\extensions\facefont@mc.com
- FireTray - %ProfilePath%\extensions\{9533f794-00b4-4354-aa15-c2bbda6989f8}
- FaviconizeTab - %ProfilePath%\extensions\faviconizetab@espion.just-size.jp.xpi
- IdentFavIcon - %ProfilePath%\extensions\identfavicon@david.hanak.hu.xpi
- Undetermined - %ProfilePath%\extensions\jid0-3w5IeNyk2A0kYZWgtBwRAxwtyTo@jetpack.xpi
- Pin It button - %ProfilePath%\extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi
- Print Edit - %ProfilePath%\extensions\printedit@DW-dev.xpi
- Save as PDF - %ProfilePath%\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
- pdfit - %ProfilePath%\extensions\service@touchpdf.com.xpi
- FxIF - %ProfilePath%\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi
- SaveLink - %ProfilePath%\extensions\{BAFDF624-6BFC-4179-BE0A-925BC15ECFBA}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
- Web2PDF - %ProfilePath%\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi

ProfilePath: C:\Users\IVOBRO~1\AppData\Roaming\Thunderbird\Profiles\c7ccurqu.default
- Undetermined - C:\Users\Ivo BroĹľ\AppData\Roaming\Thunderbird\Profiles\c7ccurqu.default\extensions\{9533f794-00b4-4354-aa15-c2bbda6989f8}
- Undetermined - C:\Users\Ivo BroĹľ\AppData\Roaming\Thunderbird\Profiles\c7ccurqu.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- esk slovnk pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- FireTray - %ProfilePath%\extensions\{9533f794-00b4-4354-aa15-c2bbda6989f8}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Color Folders - %ProfilePath%\extensions\colorfolders@fisheater.com.xpi
- Send Filter - %ProfilePath%\extensions\sendfilter@xzer.net.xpi
- Undetermined - %ProfilePath%\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID= ... 1B90716F95"
"Default_Page_URL"="http://www.asus.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.asus.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkID= ... 1B90716F95"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Users\IVOBRO~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\IVOBRO~1\AppData\Local\Mozilla\Firefox\Profiles\rxbgig8q.default\cache2 emptied successfully
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\storage\default\https+++plus.google.com\cache emptied successfully
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\storage\default\https+++www.bhphotovideo.com\cache emptied successfully
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\storage\default\https+++www.dropbox.com\cache emptied successfully
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\storage\default\https+++www.kupi.cz\cache emptied successfully
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\storage\default\https+++www.letemsvetemapplem.eu\cache emptied successfully
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\storage\default\https+++www.pinterest.com\cache emptied successfully
C:\Users\IVOBRO~1\AppData\Roaming\Mozilla\Firefox\Profiles\rxbgig8q.default\storage\default\https+++www.svetandroida.cz\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=155 folders=26 31323622 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\IVOBRO~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\IVOBRO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\IVOBRO~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ne 11.12.2016 at 18:00:53.77 ======================



JRT

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows Vista (TM) Business x86
Ran by Ivo Bro§ (Administrator) on ne 11.12.2016 at 18:28:17.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Successfully deleted: C:\Windows\System32\wscm32.dll (File)
Successfully deleted: C:\Windows\System32\wscm64.dll (File)
Successfully deleted: C:\Users\Ivo Bro§\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBLZTKVR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ivo Bro§\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0RGQ3XY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ivo Bro§\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHTZQHR1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Ivo Bro§\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUAB95D5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBLZTKVR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0RGQ3XY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHTZQHR1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUAB95D5 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 11.12.2016 at 18:30:57.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Ad panels opening on some web pages

Posted: 11 Dec 2016 19:31
by Rudy
OK. We'll leave this open, and once you are sure it is OK, let us know.

Re: Ad panels opening on some web pages

Posted: 12 Dec 2016 14:04
by Ivošisko
Those last two scans made quite a brutal "mess" of FF - I sweated a bit setting it up again :) but now it's OK.

So Rudy, thank you for the help, I wish you pleasant holidays, and I owe you a few "Plzeň" beers (or maybe "Radegast" ones :) )

Re: Ad panels opening on some web pages

Posted: 12 Dec 2016 18:50
by Rudy
Ivošisko wrote: Those last two scans made quite a brutal "mess" of FF - I sweated a bit setting it up again :) but now it's OK.

So Rudy, thank you for the help, I wish you pleasant holidays, and I owe you a few "Plzeň" beers (or maybe "Radegast" ones :) )
I use them only when there is no other option. I'm glad it works, and you're welcome! Happy holidays and a happy new year. I certainly won't turn down a chilled Radegast, but Plzeň is Plzeň. :)