FRST log check

Posted: 16 Dec 2016 22:37
by Endru-x
Hello, I would like to ask for a check of my log.
For about a week, svchost.exe has been loading my CPU at 25%. I have not updated Win7 with the regular updates for quite some time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by OK (administrator) on OK-PC (16-12-2016 22:27:34)
Running from C:\Users\OK\Desktop
Loaded Profiles: OK (Available Profiles: OK)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Users\OK\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmW.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
() C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\OK\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2015-06-12] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LauncherM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2587056 2012-09-13] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [M200DN RUN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [362928 2012-09-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAutoRunM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [4277680 2012-09-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\OK\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\OK\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0CD86CF3-0731-4622-94A0-61643C7E7232}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{6F27A656-B3C0-4291-9D6B-45BF6A3A8319}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B40E6728-1BED-4D74-98BE-0E0FC1363BDF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C757C2EE-8B36-481F-9C05-5A5B9EC29591}: [NameServer] 93.153.117.33 93.153.117.1

Internet Explorer:
==================
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default [2016-12-16]
FF Homepage: Mozilla\Firefox\Profiles\46vdldxe.default -> http://www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Seznam lištička) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-12-06]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1580811761-2930735587-3654941813-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2013-01-30] (Acresso Software Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1246112 2015-06-03] (Intel® Corporation)
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-10] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-06-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [137648 2012-09-13] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-11-25] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-01-19] (Broadcom Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-09-15] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-12-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-12-10] (ESET)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [32768 2010-10-08] (Huawei Tech. Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-09-30] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-08-04] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-09-15] (Duplex Secure Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
U3 al2uaci6; C:\Windows\System32\Drivers\al2uaci6.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 22:27 - 2016-12-16 22:28 - 00028091 _____ C:\Users\OK\Desktop\FRST.txt
2016-12-16 22:27 - 2016-12-16 22:27 - 00000000 ____D C:\FRST
2016-12-16 22:25 - 2016-12-16 22:26 - 00112640 _____ (forum.viry.cz) C:\Users\OK\Desktop\FRSTLauncher.exe
2016-12-16 22:25 - 2016-12-16 22:25 - 02420224 _____ (Farbar) C:\Users\OK\Desktop\FRST64.exe
2016-12-16 08:09 - 2016-12-16 08:09 - 00000000 ___HT C:\Windows\wusa.lock
2016-12-16 08:09 - 2016-12-16 08:09 - 00000000 ____D C:\10db5ab6dfac70bf62
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Users\OK\AppData\Roaming\Jpeg Resampler
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jpeg Resampler 2010
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Program Files (x86)\JpegResampler2010
2016-12-08 20:25 - 2016-12-08 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-12-06 08:08 - 2016-12-16 07:43 - 00000000 ____D C:\Users\OK\AppData\Roaming\Seznam.cz
2016-12-06 08:08 - 2016-12-06 08:08 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-12-06 08:07 - 2016-12-06 08:07 - 00001094 _____ C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00001064 _____ C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Users\OK\Documents\My PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\PlotSoft
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-11-27 20:12 - 2016-12-13 05:45 - 00000000 ____D C:\Users\OK\AppData\Roaming\hubiC
2016-11-27 20:11 - 2016-11-27 20:11 - 00000973 _____ C:\Users\Public\Desktop\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000000 ____D C:\Program Files\OVH
2016-11-24 06:00 - 2016-12-03 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-11-22 15:07 - 2016-11-22 15:07 - 11556027 _____ C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant.zip
2016-11-22 15:07 - 2016-11-22 15:07 - 00000000 ____D C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 22:19 - 2016-11-15 20:42 - 00000000 ____D C:\Users\OK\AppData\LocalLow\Mozilla
2016-12-16 22:14 - 2012-11-03 07:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-16 08:01 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-16 08:01 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-16 07:47 - 2016-10-06 18:53 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-16 07:39 - 2015-01-20 19:16 - 00000000 __SHD C:\Users\OK\IntelGraphicsProfiles
2016-12-16 07:39 - 2014-09-23 05:04 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2016-12-16 07:39 - 2014-06-17 20:10 - 00078848 _____ C:\Windows\KMSEmulator.exe
2016-12-16 07:39 - 2014-06-17 20:10 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2016-12-16 07:39 - 2014-06-17 20:10 - 00000194 _____ C:\Windows\Tasks\AutoKMS.job
2016-12-16 07:37 - 2016-11-15 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 07:37 - 2013-01-13 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-16 07:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-14 07:14 - 2012-11-03 07:51 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 07:14 - 2012-11-03 07:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 07:14 - 2012-11-03 07:51 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 07:09 - 2014-09-21 09:01 - 00000000 ____D C:\Users\OK\AppData\Local\ElevatedDiagnostics
2016-12-11 13:20 - 2012-11-03 08:17 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-12-10 08:32 - 2010-11-21 10:27 - 00670170 _____ C:\Windows\system32\perfh005.dat
2016-12-10 08:32 - 2010-11-21 10:27 - 00142296 _____ C:\Windows\system32\perfc005.dat
2016-12-10 08:32 - 2009-07-14 06:13 - 01588048 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 08:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-10 08:27 - 2015-07-14 14:29 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00181384 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\SysWOW64\CommonSetting.ini
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\CommonSetting.ini
2016-12-08 05:46 - 2009-07-14 05:45 - 00476912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-07 05:56 - 2012-11-13 17:27 - 00150336 _____ C:\Users\OK\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-04 18:38 - 2012-12-01 19:50 - 00000000 ____D C:\Users\SHARE
2016-11-30 06:39 - 2013-01-20 10:57 - 00000000 ____D C:\Users\OK\KBCertifikat
2016-11-27 20:11 - 2014-03-19 06:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-22 19:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-22 18:43 - 2016-11-11 07:08 - 00000442 _____ C:\Users\OK\Desktop\Router Settings.txt
2016-11-20 13:43 - 2012-11-13 17:27 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-11-17 11:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2015-01-13 16:42 - 2015-01-13 16:38 - 0524288 _____ (Simon Tatham) C:\Program Files (x86)\putty.exe
2012-12-14 19:58 - 2014-05-08 22:48 - 0006144 _____ () C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-14 18:06 - 2016-09-14 18:06 - 0004096 ____H () C:\Users\OK\AppData\Local\keyfile3.drm
2015-01-13 16:48 - 2015-01-13 16:48 - 0000600 _____ () C:\Users\OK\AppData\Local\PUTTY.RND
2013-01-22 20:02 - 2013-01-22 20:02 - 10485760 _____ () C:\ProgramData\WV5DataStore

Some files in TEMP:
====================
C:\Users\OK\AppData\Local\Temp\AcDeltree.exe
C:\Users\OK\AppData\Local\Temp\akt_prog_stavitel_2014.exe
C:\Users\OK\AppData\Local\Temp\cygiconv-2.dll
C:\Users\OK\AppData\Local\Temp\cygintl-8.dll
C:\Users\OK\AppData\Local\Temp\cygwin1.dll
C:\Users\OK\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\OK\AppData\Local\Temp\Deldevice.dll
C:\Users\OK\AppData\Local\Temp\esri32.exe
C:\Users\OK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\OK\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\OK\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\OK\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\OK\AppData\Local\Temp\md5sum.exe
C:\Users\OK\AppData\Local\Temp\ResetDevice.exe
C:\Users\OK\AppData\Local\Temp\sfamcc00001.dll
C:\Users\OK\AppData\Local\Temp\sfextra.dll
C:\Users\OK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\OK\AppData\Local\Temp\un29425.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\OK\Desktop" je 55 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive
"C:\Users\OK\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusAutoRunM200DN
"C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON WorkForce AL-M200DN,hide,\S [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TdmNotify
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:76.13 GB) (Free:3.17 GB) NTFS
Drive d: (Data) (Fixed) (Total:196.77 GB) (Free:154.63 GB) NTFS

Available physical RAM: 1275.28 MB
Total physical RAM: 4000.88 MB
Percentage of memory in use: 68%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 298.1 GB) (Disk ID: FC6B4BA0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=76.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=221.2 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================





==================== End Of Log ==============================

Re: FRST log check

Posted: 16 Dec 2016 22:51
by Endru-x
Log from AdwCleaner

# AdwCleaner v6.041 - Log vytvořen 16/12/2016 v 22:46:16
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-15.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : OK - OK-PC
# Spuštěno z : C:\Users\OK\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1442 Bajty] - [16/12/2016 22:46:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [1909 Bajty] - [16/12/2016 22:45:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1588 Bajty] ##########

Re: FRST log check

Posted: 17 Dec 2016 11:20
by Rudy
Hello!
Is the FRST log from after the ADW scan, or from before it? If it is from before, you need to post a new FRST log:

Re: FRST log check

Posted: 17 Dec 2016 15:33
by Endru-x
Yes, it was -> new FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by OK (administrator) on OK-PC (17-12-2016 15:28:54)
Running from C:\Users\OK\Desktop
Loaded Profiles: OK (Available Profiles: OK)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Users\OK\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(forum.viry.cz) C:\Users\OK\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2015-06-12] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LauncherM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2587056 2012-09-13] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [M200DN RUN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [362928 2012-09-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAutoRunM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [4277680 2012-09-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\OK\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\OK\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0CD86CF3-0731-4622-94A0-61643C7E7232}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{6F27A656-B3C0-4291-9D6B-45BF6A3A8319}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B40E6728-1BED-4D74-98BE-0E0FC1363BDF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C757C2EE-8B36-481F-9C05-5A5B9EC29591}: [NameServer] 93.153.117.33 93.153.117.1

Internet Explorer:
==================
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default [2016-12-17]
FF Homepage: Mozilla\Firefox\Profiles\46vdldxe.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Seznam lištička) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-12-06]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1580811761-2930735587-3654941813-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2013-01-30] (Acresso Software Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1246112 2015-06-03] (Intel® Corporation)
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-10] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-06-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [137648 2012-09-13] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-11-25] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-01-19] (Broadcom Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-09-15] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-12-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-12-10] (ESET)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [32768 2010-10-08] (Huawei Tech. Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-09-30] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-08-04] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-09-15] (Duplex Secure Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
U3 aaevbjd3; C:\Windows\System32\Drivers\aaevbjd3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 15:28 - 2016-12-17 15:28 - 00000000 ____D C:\Users\OK\Desktop\FRST-OlderVersion
2016-12-16 22:44 - 2016-12-16 22:46 - 00000000 ____D C:\AdwCleaner
2016-12-16 22:43 - 2016-12-16 22:43 - 03977168 _____ C:\Users\OK\Desktop\adwcleaner_6.041.exe
2016-12-16 22:37 - 2016-12-16 22:37 - 00000498 _____ C:\Users\OK\Desktop\Addition.rar
2016-12-16 22:29 - 2016-12-17 15:29 - 00027977 _____ C:\Users\OK\Desktop\FRST.txt
2016-12-16 22:27 - 2016-12-17 15:28 - 00000000 ____D C:\FRST
2016-12-16 22:25 - 2016-12-17 15:28 - 02420224 _____ (Farbar) C:\Users\OK\Desktop\FRST64.exe
2016-12-16 08:09 - 2016-12-16 08:09 - 00000000 ____D C:\10db5ab6dfac70bf62
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Users\OK\AppData\Roaming\Jpeg Resampler
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jpeg Resampler 2010
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Program Files (x86)\JpegResampler2010
2016-12-08 20:25 - 2016-12-08 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-12-06 08:08 - 2016-12-17 14:58 - 00000000 ____D C:\Users\OK\AppData\Roaming\Seznam.cz
2016-12-06 08:08 - 2016-12-06 08:08 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-12-06 08:07 - 2016-12-06 08:07 - 00001094 _____ C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00001064 _____ C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Users\OK\Documents\My PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\PlotSoft
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-11-27 20:12 - 2016-12-13 05:45 - 00000000 ____D C:\Users\OK\AppData\Roaming\hubiC
2016-11-27 20:11 - 2016-11-27 20:11 - 00000973 _____ C:\Users\Public\Desktop\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000000 ____D C:\Program Files\OVH
2016-11-24 06:00 - 2016-12-03 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-11-22 15:07 - 2016-11-22 15:07 - 11556027 _____ C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant.zip
2016-11-22 15:07 - 2016-11-22 15:07 - 00000000 ____D C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 15:14 - 2012-11-03 07:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-17 15:11 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-17 15:11 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-17 14:59 - 2016-10-06 18:53 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-17 14:55 - 2016-11-15 20:42 - 00000000 ____D C:\Users\OK\AppData\LocalLow\Mozilla
2016-12-17 14:54 - 2015-01-20 19:16 - 00000000 __SHD C:\Users\OK\IntelGraphicsProfiles
2016-12-17 14:54 - 2014-09-23 05:04 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2016-12-17 14:54 - 2014-06-17 20:10 - 00078848 _____ C:\Windows\KMSEmulator.exe
2016-12-17 14:54 - 2014-06-17 20:10 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2016-12-17 14:54 - 2014-06-17 20:10 - 00000194 _____ C:\Windows\Tasks\AutoKMS.job
2016-12-17 14:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-17 00:13 - 2009-07-14 06:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-16 07:37 - 2016-11-15 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 07:37 - 2013-01-13 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 07:14 - 2012-11-03 07:51 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 07:14 - 2012-11-03 07:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 07:14 - 2012-11-03 07:51 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 07:09 - 2014-09-21 09:01 - 00000000 ____D C:\Users\OK\AppData\Local\ElevatedDiagnostics
2016-12-11 13:20 - 2012-11-03 08:17 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-12-10 08:32 - 2010-11-21 10:27 - 00670170 _____ C:\Windows\system32\perfh005.dat
2016-12-10 08:32 - 2010-11-21 10:27 - 00142296 _____ C:\Windows\system32\perfc005.dat
2016-12-10 08:32 - 2009-07-14 06:13 - 01588048 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 08:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-10 08:27 - 2015-07-14 14:29 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00181384 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\SysWOW64\CommonSetting.ini
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\CommonSetting.ini
2016-12-08 05:46 - 2009-07-14 05:45 - 00476912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-07 05:56 - 2012-11-13 17:27 - 00150336 _____ C:\Users\OK\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-04 18:38 - 2012-12-01 19:50 - 00000000 ____D C:\Users\SHARE
2016-11-30 06:39 - 2013-01-20 10:57 - 00000000 ____D C:\Users\OK\KBCertifikat
2016-11-27 20:11 - 2014-03-19 06:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-22 19:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-22 18:43 - 2016-11-11 07:08 - 00000442 _____ C:\Users\OK\Desktop\Router Settings.txt
2016-11-20 13:43 - 2012-11-13 17:27 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-11-17 11:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2015-01-13 16:42 - 2015-01-13 16:38 - 0524288 _____ (Simon Tatham) C:\Program Files (x86)\putty.exe
2012-12-14 19:58 - 2014-05-08 22:48 - 0006144 _____ () C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-14 18:06 - 2016-09-14 18:06 - 0004096 ____H () C:\Users\OK\AppData\Local\keyfile3.drm
2015-01-13 16:48 - 2015-01-13 16:48 - 0000600 _____ () C:\Users\OK\AppData\Local\PUTTY.RND
2013-01-22 20:02 - 2013-01-22 20:02 - 10485760 _____ () C:\ProgramData\WV5DataStore

Some files in TEMP:
====================
C:\Users\OK\AppData\Local\Temp\AcDeltree.exe
C:\Users\OK\AppData\Local\Temp\akt_prog_stavitel_2014.exe
C:\Users\OK\AppData\Local\Temp\cygiconv-2.dll
C:\Users\OK\AppData\Local\Temp\cygintl-8.dll
C:\Users\OK\AppData\Local\Temp\cygwin1.dll
C:\Users\OK\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\OK\AppData\Local\Temp\Deldevice.dll
C:\Users\OK\AppData\Local\Temp\esri32.exe
C:\Users\OK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\OK\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\OK\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\OK\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\OK\AppData\Local\Temp\libeay32.dll
C:\Users\OK\AppData\Local\Temp\md5sum.exe
C:\Users\OK\AppData\Local\Temp\msvcr120.dll
C:\Users\OK\AppData\Local\Temp\ResetDevice.exe
C:\Users\OK\AppData\Local\Temp\sfamcc00001.dll
C:\Users\OK\AppData\Local\Temp\sfextra.dll
C:\Users\OK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\OK\AppData\Local\Temp\sqlite3.dll
C:\Users\OK\AppData\Local\Temp\un29425.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\OK\Desktop" je 61 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive
"C:\Users\OK\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusAutoRunM200DN
"C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON WorkForce AL-M200DN,hide,\S [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TdmNotify
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: FRST log check

Posted: 17 Dec 2016 18:28
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 aaevbjd3; C:\Windows\System32\Drivers\aaevbjd3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\KMSEmulator.exe
C:\Windows\System32\Tasks\AutoKMSDaily
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\AutoKMS.job
C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\OK\AppData\Local\Temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe
Task: {76AEB6F2-97DE-4F30-BB8C-086FA175FAA9} - System32\Tasks\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B} => pcalua.exe -a "C:\Users\OK\AppData\Local\Temp\Temp1_W.R3.70Fulllll.zip\WR370F\WinRAR 3.70 CZ.exe" <==== ATTENTION
Task: {BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C} - System32\Tasks\{AD9BE76F-358B-4873-B808-7FF70B3906B3} => pcalua.exe -a "C:\Program Files\rts_stavitel\Rozp.exe" -d "C:\Program Files\rts_stavitel\"
Task: {C223A0DE-2672-4526-A225-C23FA24EB677} - System32\Tasks\{D77159B5-5297-445A-962E-D65ACF747D85} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -c -remove -removeonly

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: FRST log check

Posted: 18 Dec 2016 11:18
by Endru-x
Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by OK (18-12-2016 11:08:33) Run:1
Running from C:\Users\OK\Desktop
Loaded Profiles: OK (Available Profiles: OK)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 aaevbjd3; C:\Windows\System32\Drivers\aaevbjd3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\KMSEmulator.exe
C:\Windows\System32\Tasks\AutoKMSDaily
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\AutoKMS.job
C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\OK\AppData\Local\Temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe
Task: {76AEB6F2-97DE-4F30-BB8C-086FA175FAA9} - System32\Tasks\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B} => pcalua.exe -a "C:\Users\OK\AppData\Local\Temp\Temp1_W.R3.70Fulllll.zip\WR370F\WinRAR 3.70 CZ.exe" <==== ATTENTION
Task: {BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C} - System32\Tasks\{AD9BE76F-358B-4873-B808-7FF70B3906B3} => pcalua.exe -a "C:\Program Files\rts_stavitel\Rozp.exe" -d "C:\Program Files\rts_stavitel\"
Task: {C223A0DE-2672-4526-A225-C23FA24EB677} - System32\Tasks\{D77159B5-5297-445A-962E-D65ACF747D85} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -c -remove -removeonly

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d19f54-142c-11e6-a716-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{13d19f54-142c-11e6-a716-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d1a02d-142c-11e6-a716-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{13d1a02d-142c-11e6-a716-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39c28af6-5bbf-11e5-9efb-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{39c28af6-5bbf-11e5-9efb-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a5f6242-c861-11e3-90da-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{9a5f6242-c861-11e3-90da-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd26fea1-5bce-11e5-a013-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{bd26fea1-5bce-11e5-a013-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edb1d45c-9758-11e4-8e50-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{edb1d45c-9758-11e4-8e50-d4bed97a6f29} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D928159A-287C-492F-AA0C-4E13E2ECDE4B}" => key removed successfully
HKCR\CLSID\{D928159A-287C-492F-AA0C-4E13E2ECDE4B} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
aaevbjd3 => service removed successfully
C:\Windows\KMSEmulator.exe => moved successfully
C:\Windows\System32\Tasks\AutoKMSDaily => moved successfully
C:\Windows\Tasks\AutoKMSDaily.job => moved successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully
C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\OK\AppData\Local\Temp" folder move:

Could not move "C:\Users\OK\AppData\Local\Temp" => Scheduled to move on reboot.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS => Error: No automatic fix found for this entry.
C:\Windows\AutoKMS.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76AEB6F2-97DE-4F30-BB8C-086FA175FAA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76AEB6F2-97DE-4F30-BB8C-086FA175FAA9}" => key removed successfully
C:\Windows\System32\Tasks\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C}" => key removed successfully
C:\Windows\System32\Tasks\{AD9BE76F-358B-4873-B808-7FF70B3906B3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD9BE76F-358B-4873-B808-7FF70B3906B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C223A0DE-2672-4526-A225-C23FA24EB677}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C223A0DE-2672-4526-A225-C23FA24EB677}" => key removed successfully
C:\Windows\System32\Tasks\{D77159B5-5297-445A-962E-D65ACF747D85} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D77159B5-5297-445A-962E-D65ACF747D85}" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80872485 B
Java, Flash, Steam htmlcache => 96211 B
Windows/system/drivers => 4458583598 B
Edge => 0 B
Chrome => 0 B
Firefox => 357173567 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66338 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83565 B
systemprofile32 => 77284 B
LocalService => 16384 B
NetworkService => 539456 B
OK => 1352237363 B

RecycleBin => 4273836290 B
EmptyTemp: => 9.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-12-2016 11:16:13)

C:\Users\OK\AppData\Local\Temp => moved successfully

==== End of Fixlog 11:16:14 ====

Re: FRST log check

Posted: 18 Dec 2016 22:53
by Endru-x
For a while it looked like everything was OK, but now the same problem as at the beginning is still showing up: svchost -> CPU 25%.

Re: FRST log check

Posted: 19 Dec 2016 18:52
by Rudy
If you have updates turned on, turn them off as a test. Try reinstalling the antivirus.

Re: FRST log check

Posted: 19 Dec 2016 21:59
by Endru-x
Done, unfortunately still no change; updates are permanently turned off.

Re: FRST log check

Posted: 19 Dec 2016 22:09
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: FRST log check

Posted: 19 Dec 2016 22:38
by Endru-x
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 19.12.16
Čas skenování: 22:30
Logovací soubor: MBAM.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.791
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: OK-PC\OK

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 441407
Uplynulý čas: 6 min, 10 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: FRST log check

Posted: 20 Dec 2016 18:17
by Rudy
The log is OK, your PC is completely free of malware. The problem must be caused by some legitimate application that has internet access. Svchost is, after all, the service host process.

Re: FRST log check

Posted: 20 Dec 2016 23:41
by Endru-x
Many thanks for the help; the solution to my problem is apparently here: http://kverulant.s.cz/win-update.html

Re: FRST log check

Posted: 21 Dec 2016 18:05
by Rudy
But I asked you about those updates and you claimed they were turned off. Never mind, it is entirely up to you where you get help. You're welcome.