
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Suspected malware infection
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Please check my FRST log, thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by tekilla2 (administrator) on tekilla2-PC (15-12-2016 19:44:53)
Running from C:\Users\tekilla2\Desktop
Loaded Profiles: tekilla2 (Available Profiles: tekilla2)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Qualcomm) C:\Program Files (x86)\Wireless Docking\DockingService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Egis Technology Inc. ) C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\tekilla2\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16472832 2016-03-21] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe [854776 2016-03-01] (Qualcomm Atheros)
HKLM\...\Run: [Acer MotionProtect Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Token.exe [211608 2014-02-13] (STMicroelectronics)
HKLM\...\Run: [AgStdAlo] => C:\Program Files\Acer\Acer Office Manager Agent\AgStdAlo.exe [112872 2014-12-25] ()
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1847552 2015-02-03] (Acer Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2016-01-21] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134904 2016-03-01] (Qualcomm Atheros)
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\...\Run: [Ubjjmedia] => regsvr32.exe C:\Users\tekilla2\AppData\Local\Ubjjmedia\sjvzyrgl.dll <===== ATTENTION
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\...\Run: [Ezgltion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\tekilla2\AppData\Local\Epqtion\kdcmogfs.dll
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\Acer ProShield\EgisPwdFilter.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{EDB1BDD3-405C-4ACA-83A7-52F7FD4A3C95}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-14] (Microsoft Corporation)
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files\Acer ProShield\EgisPBIE.dll [2016-03-29] (Egis Technology Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-14] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-14] (Microsoft Corporation)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files\Acer ProShield\x86\EgisPBIE.dll [2016-03-29] (Egis Technology Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-14] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\tekilla2\AppData\Roaming\Mozilla\Firefox\Profiles\e5rvt1a2.default-1481701991076 [2016-12-15]
FF Homepage: Mozilla\Firefox\Profiles\e5rvt1a2.default-1481701991076 -> hxxp://www.seznam.cz/
FF Extension: (AdBlock for Firefox) - C:\Users\tekilla2\AppData\Roaming\Mozilla\Firefox\Profiles\e5rvt1a2.default-1481701991076\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2016-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files\Acer ProShield\FFExt
FF Extension: ( Online Accounts Extension ) - C:\Program Files\Acer ProShield\FFExt [2016-09-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20
FF Extension: ( Online Accounts Extension ) - C:\Program Files\Acer ProShield\FFExt20 [2016-09-18] [not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-14] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ladimmjldcgbeamniagencjbodhnmgen] - C:\Program Files\Acer ProShield\ChromeEx\EgisPBChromeExt.crx [2016-03-29]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AgSvc; C:\Program Files\Acer\Acer Office Manager Agent\AgSvc.exe [170216 2014-12-25] ()
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [324856 2016-03-01] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3019968 2016-12-04] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11127016 2016-02-12] (DisplayLink Corp.)
R2 DockingService; C:\Program Files (x86)\Wireless Docking\DockingService.exe [35840 2016-05-22] (Qualcomm) [File not signed]
R3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [197600 2016-03-29] (Egis Technology Inc. )
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2780160 2016-12-14] (ESET)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-03-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 IntelSSTSvc; C:\Windows\system32\IntelSSTAPO\ParameterService\ParameterService.exe [25928 2015-12-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [482560 2014-12-15] (Acer Incorporate)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-03-21] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [252008 2016-05-06] (Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-03-21] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [78488 2016-02-25] (Qualcomm Atheros)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-08-13] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263296 2016-12-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-06-28] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153248 2016-12-14] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208552 2016-06-28] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61608 2016-06-28] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-28] (ESET)
R0 FPWinIo; C:\Windows\System32\DRIVERS\FPWinIo.sys [23000 2014-10-08] (Egis Technology Inc.)
R3 iaLPSS2_GPIO2; C:\Windows\System32\DRIVERS\iaLPSS2_GPIO2.sys [91944 2015-06-02] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2015-12-25] (Intel Corporation)
R3 qca11adx; C:\Windows\System32\DRIVERS\qca11adx.sys [189272 2016-05-24] ()
R3 Qcamain; C:\Windows\System32\DRIVERS\Qcamain7x64.sys [2343960 2016-02-25] (Qualcomm Atheros, Inc.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [302808 2015-08-07] (Realtek Semiconductor Corp.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [101040 2015-05-21] (STMicroelectronics)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [335024 2016-06-20] (silex technology, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 19:44 - 2016-12-15 19:45 - 00013668 _____ C:\Users\tekilla2\Desktop\FRST.txt
2016-12-15 19:44 - 2016-12-15 19:44 - 00000000 ____D C:\FRST
2016-12-15 19:43 - 2016-12-15 19:43 - 00112640 _____ (forum.viry.cz) C:\Users\tekilla2\Desktop\FRSTLauncher.exe
2016-12-15 19:42 - 2016-12-15 19:42 - 02420224 _____ (Farbar) C:\Users\tekilla2\Desktop\FRST64.exe
2016-12-15 19:38 - 2016-12-15 19:38 - 00003542 _____ C:\Users\tekilla2\Desktop\JRT.txt
2016-12-15 19:37 - 2016-12-15 19:37 - 01663040 _____ (Malwarebytes) C:\Users\tekilla2\Downloads\JRT.exe
2016-12-15 19:33 - 2016-12-15 19:33 - 00000000 ___RD C:\Users\tekilla2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-12-15 19:28 - 2016-12-15 19:28 - 03968464 _____ C:\Users\tekilla2\Downloads\AdwCleaner.exe
2016-12-15 18:51 - 2016-12-15 18:51 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-12-15 18:51 - 2016-12-15 18:51 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-15 18:51 - 2016-12-15 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-15 18:51 - 2016-12-15 18:51 - 00000000 ____D C:\Program Files\CCleaner
2016-12-15 18:50 - 2016-12-15 18:50 - 08803648 _____ (Piriform Ltd) C:\Users\tekilla2\Downloads\ccsetup525.exe
2016-12-15 18:33 - 2016-12-15 18:34 - 00000000 _____ C:\Windows\system32\regsvr32
2016-12-14 11:54 - 2016-12-14 11:54 - 00153248 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2016-12-14 11:45 - 2016-12-14 11:45 - 00000000 ____D C:\Users\tekilla2\AppData\Local\ESET
2016-12-14 11:44 - 2016-12-14 11:44 - 00002031 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-12-14 11:44 - 2016-12-14 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-12-14 11:44 - 2016-12-14 11:44 - 00000000 ____D C:\ProgramData\ESET
2016-12-14 11:44 - 2016-12-14 11:44 - 00000000 ____D C:\Program Files\ESET
2016-12-14 11:39 - 2016-12-14 11:39 - 00000000 ____D C:\ProgramData\Acer_ProDock
2016-12-14 10:55 - 2016-12-14 10:56 - 20878730 _____ C:\Users\tekilla2\Downloads\lj1010serieshb-vista64.zip
2016-12-14 10:55 - 2016-12-14 10:55 - 01544192 _____ C:\Users\tekilla2\Downloads\Dot4x64.msi
2016-12-14 10:48 - 2016-12-14 10:50 - 109105312 _____ (ESET) C:\Users\tekilla2\Downloads\ess_nt64_csy.exe
2016-12-14 10:44 - 2016-12-14 10:44 - 00000000 ____D C:\Users\tekilla2\Documents\Vlastní šablony Office
2016-12-14 09:46 - 2016-12-14 09:46 - 00000000 ___RD C:\Users\tekilla2\OneDrive
2016-12-14 09:45 - 2016-12-14 09:45 - 00000000 ___HT C:\Windows\wusa.lock
2016-12-14 09:45 - 2016-12-14 09:45 - 00000000 ____D C:\a70fe4fd4952bc5aa4aeafa4f1568702
2016-12-14 09:38 - 2016-12-14 09:38 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\CareCenter
2016-12-14 09:36 - 2016-12-14 09:36 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-12-14 09:36 - 2016-12-14 09:36 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-12-14 09:36 - 2016-12-14 09:36 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-12-14 09:36 - 2016-12-14 09:36 - 00002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-12-14 09:36 - 2016-12-14 09:36 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-12-14 09:36 - 2016-12-14 09:36 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-12-14 09:36 - 2016-12-14 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office 2016
2016-12-14 09:35 - 2016-12-14 09:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-14 09:30 - 2016-12-15 07:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-14 09:30 - 2016-12-14 09:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-14 09:30 - 2016-12-14 09:30 - 00000000 _____ C:\Windows\SysWOW64\wsmand.log.lock
2016-12-14 09:16 - 2016-12-14 09:16 - 04256348 _____ C:\Users\tekilla2\Downloads\MOffi20132016Install.rar
2016-12-14 08:45 - 2016-12-15 19:31 - 00000000 ____D C:\AdwCleaner
2016-12-14 08:45 - 2016-12-14 08:45 - 03968464 _____ C:\Users\tekilla2\Downloads\adwcleaner_6.040.exe
2016-12-14 08:31 - 2016-12-14 08:31 - 00000000 ____D C:\Users\tekilla2\AppData\Local\Ubjjmedia
2016-12-14 08:30 - 2016-12-15 07:29 - 00000000 ___HD C:\ProgramData\41754_43356-83926
2016-12-14 08:30 - 2016-12-15 07:16 - 00016732 _____ C:\Windows\System32\Tasks\41754_43356-83926
2016-12-14 08:30 - 2016-12-14 11:50 - 00000000 ____D C:\Users\tekilla2\AppData\Local\Epqtion
2016-12-14 08:29 - 2016-12-14 08:29 - 07310848 _____ C:\Users\tekilla2\AppData\Roaming\agent.dat
2016-12-14 08:29 - 2016-12-14 08:29 - 01907237 _____ C:\Users\tekilla2\AppData\Roaming\Kaycof.tst
2016-12-14 08:29 - 2016-12-14 08:29 - 00126464 _____ C:\Users\tekilla2\AppData\Roaming\noah.dat
2016-12-14 08:29 - 2016-12-14 08:29 - 00070704 _____ C:\Users\tekilla2\AppData\Roaming\Config.xml
2016-12-14 08:29 - 2016-12-14 08:29 - 00018432 _____ C:\Users\tekilla2\AppData\Roaming\Main.dat
2016-12-14 08:29 - 2016-12-14 08:29 - 00005568 _____ C:\Users\tekilla2\AppData\Roaming\md.xml
2016-12-14 08:28 - 2016-12-14 08:29 - 00019104 _____ C:\Users\tekilla2\AppData\Roaming\InstallationConfiguration.xml
2016-12-14 08:28 - 2016-12-14 08:28 - 00140288 _____ C:\Users\tekilla2\AppData\Roaming\Installer.dat
2016-12-14 08:27 - 2016-12-14 08:27 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\WinRAR
2016-12-14 08:27 - 2016-12-14 08:27 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-14 08:27 - 2016-12-14 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-14 08:27 - 2016-12-14 08:27 - 00000000 ____D C:\Program Files\WinRAR
2016-12-14 08:25 - 2016-12-14 08:25 - 00000000 ____D C:\Users\tekilla2\Documents\transit
2016-12-14 08:25 - 2016-12-14 08:25 - 00000000 ____D C:\Users\tekilla2\Documents\skeny
2016-12-14 08:25 - 2016-12-14 08:25 - 00000000 ____D C:\Users\tekilla2\Documents\revize zaloha
2016-12-14 08:25 - 2016-12-14 08:25 - 00000000 ____D C:\Users\tekilla2\Documents\fotky elektro
2016-12-14 08:24 - 2016-12-14 10:45 - 00000000 ____D C:\Users\tekilla2\Documents\nabídky
2016-12-14 08:24 - 2016-12-14 08:25 - 00000000 ____D C:\Users\tekilla2\Documents\revize
2016-12-14 08:24 - 2016-12-14 08:24 - 00000000 ____D C:\Users\tekilla2\Documents\odemčení pdf
2016-12-14 08:24 - 2016-12-14 08:24 - 00000000 ____D C:\Users\tekilla2\Documents\ivt
2016-12-13 16:34 - 2016-12-14 08:50 - 00000000 ____D C:\Users\tekilla2\AppData\Local\CareCenter
2016-12-13 16:33 - 2016-12-13 16:33 - 00000000 ____D C:\Users\tekilla2\Documents\Bluetooth Folder
2016-12-13 16:33 - 2016-12-13 16:33 - 00000000 ____D C:\Users\tekilla2\AppData\Local\BMExplorer
2016-12-13 16:32 - 2016-12-15 19:31 - 00000979 _____ C:\Users\tekilla2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-13 16:32 - 2016-12-13 16:32 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\Macromedia
2016-12-13 16:32 - 2016-12-13 16:32 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\Atheros
2016-12-13 16:32 - 2016-12-13 16:32 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\Adobe
2016-12-13 16:32 - 2016-12-13 16:32 - 00000000 ____D C:\Users\tekilla2\AppData\Local\VirtualStore
2016-12-13 16:30 - 2016-12-15 19:33 - 00000000 __SHD C:\Users\tekilla2\IntelGraphicsProfiles
2016-12-13 16:30 - 2016-12-14 09:46 - 00002196 _____ C:\Users\tekilla2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-12-13 16:30 - 2016-12-14 09:46 - 00000000 ____D C:\Users\tekilla2
2016-12-13 16:30 - 2016-12-13 16:30 - 00111056 _____ C:\Users\tekilla2\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-13 16:30 - 2016-12-13 16:30 - 00000020 ___SH C:\Users\tekilla2\ntuser.ini
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Šablony
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Soubory cookie
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Poslední
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Okolní tiskárny
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Okolní síť
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Nabídka Start
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Dokumenty
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Documents\Obrázky
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Documents\Hudba
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Documents\Filmy
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\Data aplikací
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 _SHDL C:\Users\tekilla2\AppData\Local\Data aplikací
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\Synaptics
2016-12-13 16:30 - 2016-12-13 16:30 - 00000000 ____D C:\Users\tekilla2\AppData\Local\EgisTec IPS
2016-12-13 16:30 - 2010-11-21 08:16 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\Media Center Programs
2016-12-13 10:44 - 2016-12-13 10:44 - 00000000 ____D C:\Users\tekilla2\AppData\Local\EgisTec
2016-12-13 10:42 - 2016-12-15 19:39 - 00000000 ____D C:\Users\tekilla2\AppData\LocalLow\Mozilla
2016-12-13 10:42 - 2016-12-15 19:31 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-13 10:42 - 2016-12-14 09:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-13 10:42 - 2016-12-14 09:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 10:42 - 2016-12-14 08:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-13 10:42 - 2016-12-13 10:52 - 00000000 ____D C:\Users\tekilla2\AppData\Local\Mozilla
2016-12-13 10:42 - 2016-12-13 10:42 - 00000000 ____D C:\Users\tekilla2\AppData\Roaming\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 19:40 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-15 19:40 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-15 19:36 - 2016-09-18 19:28 - 00668376 _____ C:\Windows\system32\perfh005.dat
2016-12-15 19:36 - 2016-09-18 19:28 - 00141004 _____ C:\Windows\system32\perfc005.dat
2016-12-15 19:36 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-15 19:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-15 19:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-15 19:09 - 2016-09-18 22:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-15 18:53 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2016-12-15 07:16 - 2009-07-14 05:45 - 00433040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-14 11:54 - 2016-06-28 17:30 - 00263296 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-12-14 09:35 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-12-14 01:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-12-13 16:34 - 2016-09-18 19:40 - 00000000 ___SD C:\Windows\system32\GWX
2016-12-13 16:33 - 2016-09-18 21:59 - 00000000 ____D C:\ProgramData\OEM
2016-12-13 16:33 - 2016-09-18 21:15 - 00000000 ____D C:\ProgramData\Atheros
2016-12-13 16:33 - 2011-02-12 06:23 - 00000000 ____D C:\Windows\DeployWinRE2
2016-12-13 16:33 - 2009-12-30 10:48 - 00000000 ___HD C:\OEM
2016-12-13 16:27 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-13 10:43 - 2016-06-16 10:13 - 00000000 ____D C:\ProgramData\McAfee
2016-12-13 10:40 - 2016-06-16 10:15 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
==================== Files in the root of some directories =======
2016-12-14 08:29 - 2016-12-14 08:29 - 7310848 _____ () C:\Users\tekilla2\AppData\Roaming\agent.dat
2016-12-14 08:29 - 2016-12-14 08:29 - 0070704 _____ () C:\Users\tekilla2\AppData\Roaming\Config.xml
2016-12-14 08:28 - 2016-12-14 08:29 - 0019104 _____ () C:\Users\tekilla2\AppData\Roaming\InstallationConfiguration.xml
2016-12-14 08:28 - 2016-12-14 08:28 - 0140288 _____ () C:\Users\tekilla2\AppData\Roaming\Installer.dat
2016-12-14 08:29 - 2016-12-14 08:29 - 1907237 _____ () C:\Users\tekilla2\AppData\Roaming\Kaycof.tst
2016-12-14 08:29 - 2016-12-14 08:29 - 0018432 _____ () C:\Users\tekilla2\AppData\Roaming\Main.dat
2016-12-14 08:29 - 2016-12-14 08:29 - 0005568 _____ () C:\Users\tekilla2\AppData\Roaming\md.xml
2016-12-14 08:29 - 2016-12-14 08:29 - 0126464 _____ () C:\Users\tekilla2\AppData\Roaming\noah.dat
2016-12-14 08:29 - 2016-12-14 08:29 - 0001150 _____ () C:\Users\tekilla2\AppData\Roaming\uninstall_temp.ico
2016-09-18 21:02 - 2016-09-18 21:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\tekilla2\AppData\Local\Temp\libeay32.dll
C:\Users\tekilla2\AppData\Local\Temp\msvcr120.dll
C:\Users\tekilla2\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-16 09:34
==================== End of FRST.txt ============================
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Acer) (Fixed) (Total:99.12 GB) (Free:44.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:99.12 GB) (Free:99.02 GB) NTFS
Available physical RAM: 5502.12 MB
Total physical RAM: 8049.92 MB
Percentage of memory in use: 31%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 238.5 GB) (Disk ID: 9AAA19D6)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 9.0.401.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.401.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\tekilla2\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: suspected malware infection
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.
Re: suspected malware infection
AdwCleaner found nothing and the log looks clean to me, but these two errors appear every time I turn the computer on...
- Attachments
- printscreen.jpg (78.11 KiB) Viewed 1994 times
Re: suspected malware infection
Sorry, I forgot to copy the log...
# AdwCleaner v6.040 - Log vytvořen 15/12/2016 v 20:27:57
# Aktualizováno dne 02/12/2016 z Malwarebytes
# Databáze : 2016-12-15.1 [Místní]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : tekilla2 - tekilla2-PC
# Spuštěno z : C:\Users\tekilla2\Downloads\adwcleaner_6.040(1).exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [5363 Bajty] - [14/12/2016 08:46:20]
C:\AdwCleaner\AdwCleaner[C2].txt - [3683 Bajty] - [15/12/2016 19:31:15]
C:\AdwCleaner\AdwCleaner[C3].txt - [975 Bajty] - [15/12/2016 20:27:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [5191 Bajty] - [14/12/2016 08:45:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [6200 Bajty] - [15/12/2016 19:29:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [1692 Bajty] - [15/12/2016 20:24:29]
C:\AdwCleaner\AdwCleaner[S3].txt - [1765 Bajty] - [15/12/2016 20:27:49]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1339 Bajty] ##########
- Rudy
- Site Admin

Re: suspected malware infection
Yep, that's junk, or more precisely just leftovers by now. Open Notepad and copy this into it:
Start
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
C:\ProgramData\DP45977C.lfl
C:\Users\tekilla2\AppData\Local\Temp
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Re: suspected malware infection
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by tekilla2 (15-12-2016 21:23:34) Run:1
Running from C:\Users\tekilla2\Desktop
Loaded Profiles: tekilla2 (Available Profiles: tekilla2)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
C:\ProgramData\DP45977C.lfl
C:\Users\tekilla2\AppData\Local\Temp
EmptyTemp:
End
*****************
HKU\S-1-5-21-2330565857-125836013-1849028338-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\Users\tekilla2\AppData\Local\Temp" folder move:
Could not move "C:\Users\tekilla2\AppData\Local\Temp" => Scheduled to move on reboot.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6135028 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 290098709 B
Edge => 0 B
Chrome => 0 B
Firefox => 64207786 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 66088 B
LocalService => 0 B
NetworkService => 0 B
tekilla2 => 5783307 B
RecycleBin => 4955540 B
EmptyTemp: => 362.1 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-12-2016 21:26:08)
C:\Users\tekilla2\AppData\Local\Temp => moved successfully
==== End of Fixlog 21:26:08 ====
- Rudy
- Site Admin

Re: suspected malware infection
Deleted. Has anything changed?
Re: suspected malware infection
After the restart following the removal with FRST, the error messages no longer appeared, so it's probably OK. Thank you very much.
- Rudy
- Site Admin

Re: suspected malware infection
You're welcome!