Please help

Posted: 26 Dec 2016 14:50
by Šárka92
Hi,

whenever I turn on the computer, a warning about the trojan horse dllhost.exe always pops up

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Šárka (administrator) on LENOVO (26-12-2016 14:42:29)
Running from C:\Users\Šárka\Desktop
Loaded Profiles: Šárka (Available Profiles: Šárka)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Šárka\Desktop\FRSTLauncher (2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {3e560a3c-5165-11e6-8255-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {64a9416e-b7d5-11e6-825d-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {75c3aed4-8cf2-11e6-8258-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294dd-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294f2-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe229648-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{599E26F3-9662-48DC-B6E7-8221A5B2C582}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.cz/"
CHR Profile: C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Prezentace Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-11]
CHR Extension: (Dokumenty Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
CHR Extension: (Disk Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
CHR Extension: (YouTube) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
CHR Extension: (Vyhledávání Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
CHR Extension: (Tabulky Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4295680 2016-02-09] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-09] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 14:42 - 2016-12-26 14:42 - 00010153 _____ C:\Users\Šárka\Desktop\FRST.txt
2016-12-26 14:42 - 2016-12-26 14:42 - 00000000 ____D C:\FRST
2016-12-26 14:39 - 2016-12-26 14:39 - 00112640 _____ (forum.viry.cz) C:\Users\Šárka\Desktop\FRSTLauncher (2).exe
2016-12-26 14:38 - 2016-12-26 14:38 - 00000000 _____ C:\Users\Šárka\Downloads\FRSTLauncher (1).exe.bu07q7p.partial
2016-12-26 14:37 - 2016-12-26 14:37 - 00000000 _____ C:\Users\Šárka\Downloads\FRSTLauncher.exe.8ra7o19.partial
2016-12-26 14:28 - 2016-12-26 14:28 - 02420736 _____ (Farbar) C:\Users\Šárka\Desktop\FRST64.exe
2016-12-26 13:28 - 2016-12-26 13:39 - 00000000 ____D C:\AdwCleaner
2016-12-26 13:26 - 2016-12-26 13:26 - 00001308 _____ C:\Users\Šárka\Desktop\cc_20161226_132616.reg
2016-12-26 13:25 - 2016-12-26 13:25 - 00039212 _____ C:\Users\Šárka\Desktop\cc_20161226_132533.reg
2016-12-26 13:18 - 2016-12-26 13:21 - 03977168 _____ C:\Users\Šárka\Desktop\adwcleaner_6.041.exe
2016-12-22 16:13 - 2016-12-22 16:13 - 12262509 _____ C:\Users\Šárka\Downloads\2016_12_20__VR_Buzice_stavba_ZD_V1_1.pdf
2016-12-22 16:09 - 2016-12-22 16:09 - 00828896 _____ C:\Users\Šárka\Downloads\Oznámení VŘ.pdf
2016-12-22 16:07 - 2016-12-22 16:07 - 00632929 _____ C:\Users\Šárka\Downloads\01 Zadávací podmínky Modernizace ŽV 2016.pdf
2016-12-22 15:33 - 2016-12-22 16:37 - 01089024 _____ C:\Users\Šárka\Downloads\Přehled zakázek 2016.xls
2016-12-09 16:47 - 2016-12-09 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-12-09 16:40 - 2016-12-09 16:40 - 00001004 _____ C:\Users\Public\Desktop\AVG.lnk
2016-12-09 16:40 - 2016-12-09 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-12-09 16:36 - 2016-12-26 12:50 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-09 16:36 - 2016-12-09 16:47 - 00000000 ____D C:\Program Files (x86)\AVG
2016-12-09 16:30 - 2016-12-09 16:31 - 02895464 _____ (AVG Technologies) C:\Users\Šárka\Downloads\AVG_Protection_Free_1143 (1).exe
2016-11-27 21:07 - 2016-11-27 21:07 - 00720429 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (7).pdf
2016-11-27 21:06 - 2016-11-27 21:06 - 00733116 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (6).pdf
2016-11-27 21:06 - 2016-11-27 21:06 - 00603792 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (5).pdf
2016-11-27 21:05 - 2016-11-27 21:05 - 00686665 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (3).pdf
2016-11-27 21:05 - 2016-11-27 21:05 - 00664058 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (4).pdf
2016-11-27 21:04 - 2016-11-27 21:04 - 00686741 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (2).pdf
2016-11-27 21:03 - 2016-11-27 21:03 - 00686737 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug.pdf
2016-11-27 21:03 - 2016-11-27 21:03 - 00686662 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (1).pdf
2016-11-27 20:40 - 2016-11-27 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 14:35 - 2016-11-15 19:06 - 00000000 ____D C:\ProgramData\MFAData
2016-12-26 14:29 - 2016-02-11 16:16 - 00000000 ___RD C:\Users\Šárka\SkyDrive
2016-12-26 14:23 - 2016-02-09 18:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3662250802-3067521792-2655457148-1001
2016-12-26 14:23 - 2013-09-30 05:20 - 01658450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-26 14:23 - 2013-09-30 04:57 - 00705506 _____ C:\Windows\system32\perfh005.dat
2016-12-26 14:23 - 2013-09-30 04:57 - 00143830 _____ C:\Windows\system32\perfc005.dat
2016-12-26 14:23 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-12-26 14:18 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-26 14:17 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-26 14:15 - 2016-03-07 19:23 - 00000000 ____D C:\Users\Šárka\Desktop\Muse - Drones (2015)
2016-12-26 13:37 - 2016-02-09 18:27 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D1049032-3159-43B5-8A08-F814CB4BE79D}
2016-12-26 13:23 - 2016-06-15 06:37 - 00000000 ____D C:\Windows\Minidump
2016-12-26 13:08 - 2016-11-14 19:45 - 00000000 ____D C:\Users\Šárka\AppData\Local\Hisuite
2016-12-26 12:48 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-24 14:22 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-23 20:53 - 2016-02-09 19:22 - 00000000 ____D C:\Users\Šárka\AppData\Roaming\vlc
2016-12-23 19:21 - 2016-02-09 19:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-23 19:21 - 2016-02-09 18:21 - 00000000 ____D C:\Users\Šárka
2016-12-22 20:25 - 2016-07-17 07:28 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1468736873
2016-12-22 20:25 - 2016-07-17 07:27 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-22 20:25 - 2016-07-17 07:27 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-18 19:27 - 2016-11-14 19:46 - 00000000 ____D C:\Users\Šárka\Documents\HiSuite
2016-12-17 14:59 - 2016-02-11 16:34 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-17 14:59 - 2016-02-11 16:34 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-17 09:51 - 2016-02-11 16:30 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 09:51 - 2016-02-11 16:30 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-09 16:48 - 2016-11-15 18:56 - 00000000 ____D C:\Users\Šárka\AppData\Local\Avg
2016-12-09 16:48 - 2016-02-09 19:24 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-09 16:47 - 2016-11-15 19:06 - 00000000 ___HD C:\$AVG
2016-12-09 16:47 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-12-09 16:45 - 2016-11-15 18:56 - 00000000 ____D C:\Users\Šárka\AppData\Local\AvgSetupLog
2016-12-09 16:40 - 2016-11-15 18:57 - 00000000 ____D C:\ProgramData\Avg
2016-12-06 21:23 - 2016-02-09 19:51 - 00000000 ____D C:\Users\Šárka\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======


Some files in TEMP:
====================
C:\Users\Šárka\AppData\Local\Temp\libeay32.dll
C:\Users\Šárka\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Šárka\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-14 18:53

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:100 GB) (Free:70.16 GB) NTFS
Drive d: () (Fixed) (Total:365.42 GB) (Free:364.83 GB) NTFS

Available physical RAM: 2772.89 MB
Total physical RAM: 3979.49 MB
Percentage of memory in use: 30%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 010837EE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Šárka\Desktop" je 131 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Please help

Posted: 26 Dec 2016 15:16
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: Please help

Posted: 26 Dec 2016 19:30
by Šárka92
I tried it this afternoon:

# AdwCleaner v6.041 - Log vytvořen 26/12/2016 v 13:31:06
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-25.1 [Server]
# Operační systém : Windows 8.1 Pro (X64)
# Uživatelské jméno : Šárka - LENOVO
# Spuštěno z : C:\Users\Šárka\Desktop\adwcleaner_6.041.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Služba nalezena: vToolbarUpdater40.3.6
Služba nalezena: ReimageRealTimeProtector
Služba nalezena: WtuSystemSupport


***** [ Složky ] *****

Složka nalezena: C:\Users\Šárka\AppData\Local\avg web tuneup
Složka nalezena: C:\Program Files\Reimage
Složka nalezena: C:\Program Files\avg web tuneup
Složka nalezena: C:\Program Files\reimage
Složka nalezena: C:\Program Files\Common Files\AVG Secure Search
Složka nalezena: C:\ProgramData\Reimage Protector
Složka nalezena: C:\ProgramData\avg web tuneup
Složka nalezena: C:\ProgramData\Application Data\Reimage Protector
Složka nalezena: C:\ProgramData\Application Data\avg web tuneup
Složka nalezena: C:\Program Files (x86)\avg web tuneup
Složka nalezena: C:\Program Files (x86)\Common Files\AVG Secure Search
Složka nalezena: C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Soubory ] *****

Soubor nalezen: C:\Windows\Reimage.ini


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Naplánovaná úloha nalezena: ReimageUpdater
Naplánovaná úloha nalezena: ReimageUpdater
Naplánovaná úloha nalezena: reimageupdater


***** [ Registry ] *****

Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč nalezen: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Klíč nalezen: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Klíč nalezen: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\Software\Reimage
Klíč nalezen: HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: HKCU\Software\Reimage
Klíč nalezen: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: HKLM\SOFTWARE\AVG Tuneup
Klíč nalezen: [x64] HKCU\Software\Reimage
Klíč nalezen: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Klíč nalezen: [x64] HKLM\SOFTWARE\Reimage
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
Data nalezena: HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={0E2329EC-0210-41AD-B741-37598DFBC82C}&mid=3b5154999d6747cfa1e
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={0E2329EC-0210-41AD-B741-37598DFBC82C}&mid=3b5154999d6747cfa1e3e159f5f2b03d-70b3cd8c4c479cb5f13a7f7d46c0adc5
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={0E2329EC-0210-41AD-B741-37598DFBC82C}&mid=3b5154999d6747cfa1e3e159f5f2b03d-70b3cd8c4c479cb5f13a7f7d46c0ad
Klíč nalezen: HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Klíč nalezen: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíč nalezen: HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Klíč nalezen: [x64] HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Web data] - slirsredirect.search.aol.com
Chromium nastavení nalezeno: [C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - chfdnecihphmhljaaejmgoiahnihplgn

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [7537 Bajty] - [26/12/2016 13:31:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7610 Bajty] ##########





And here is the current one:

# AdwCleaner v6.041 - Log vytvořen 26/12/2016 v 19:21:25
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-26.3 [Server]
# Operační systém : Windows 8.1 Pro (X64)
# Uživatelské jméno : Šárka - LENOVO
# Spuštěno z : C:\Users\Šárka\Desktop\adwcleaner_6.041.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Chromium nastavení nalezeno: [C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Web data] - slirsredirect.search.aol.com
Chromium nastavení nalezeno: [C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Web data] - synaptics-touchpad-driver.en.softonic.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7901 Bajty] - [26/12/2016 13:31:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [7753 Bajty] - [26/12/2016 13:31:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [1634 Bajty] - [26/12/2016 19:21:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1707 Bajty] ##########

Re: Please help

Posted: 26 Dec 2016 20:20
by Rudy
Post a new FRST log.

Re: Please help

Posted: 26 Dec 2016 20:46
by Šárka92
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Šárka (administrator) on LENOVO (26-12-2016 20:44:14)
Running from C:\Users\Šárka\Desktop
Loaded Profiles: Šárka (Available Profiles: Šárka)
Platform: Windows 8.1 Pro (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9108184 2016-11-07] (Piriform Ltd)
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {3e560a3c-5165-11e6-8255-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {64a9416e-b7d5-11e6-825d-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {75c3aed4-8cf2-11e6-8258-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294dd-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294f2-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe229648-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{599E26F3-9662-48DC-B6E7-8221A5B2C582}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.cz/"
CHR Profile: C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Prezentace Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-11]
CHR Extension: (Dokumenty Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
CHR Extension: (Disk Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
CHR Extension: (YouTube) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
CHR Extension: (Vyhledávání Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
CHR Extension: (Tabulky Google) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\Šárka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4295680 2016-02-09] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2016-02-09] (REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 14:43 - 2016-12-26 14:43 - 00024533 _____ C:\Users\Šárka\Desktop\Addition.txt
2016-12-26 14:42 - 2016-12-26 20:44 - 00010330 _____ C:\Users\Šárka\Desktop\FRST.txt
2016-12-26 14:42 - 2016-12-26 20:44 - 00000000 ____D C:\FRST
2016-12-26 14:38 - 2016-12-26 14:38 - 00000000 _____ C:\Users\Šárka\Downloads\FRSTLauncher (1).exe.bu07q7p.partial
2016-12-26 14:37 - 2016-12-26 14:37 - 00000000 _____ C:\Users\Šárka\Downloads\FRSTLauncher.exe.8ra7o19.partial
2016-12-26 14:28 - 2016-12-26 14:28 - 02420736 _____ (Farbar) C:\Users\Šárka\Desktop\FRST64.exe
2016-12-26 13:28 - 2016-12-26 20:43 - 00000000 ____D C:\AdwCleaner
2016-12-26 13:26 - 2016-12-26 13:26 - 00001308 _____ C:\Users\Šárka\Desktop\cc_20161226_132616.reg
2016-12-26 13:25 - 2016-12-26 13:25 - 00039212 _____ C:\Users\Šárka\Desktop\cc_20161226_132533.reg
2016-12-26 13:18 - 2016-12-26 13:21 - 03977168 _____ C:\Users\Šárka\Desktop\adwcleaner_6.041.exe
2016-12-22 16:13 - 2016-12-22 16:13 - 12262509 _____ C:\Users\Šárka\Downloads\2016_12_20__VR_Buzice_stavba_ZD_V1_1.pdf
2016-12-22 16:09 - 2016-12-22 16:09 - 00828896 _____ C:\Users\Šárka\Downloads\Oznámení VŘ.pdf
2016-12-22 16:07 - 2016-12-22 16:07 - 00632929 _____ C:\Users\Šárka\Downloads\01 Zadávací podmínky Modernizace ŽV 2016.pdf
2016-12-22 15:33 - 2016-12-22 16:37 - 01089024 _____ C:\Users\Šárka\Downloads\Přehled zakázek 2016.xls
2016-12-09 16:47 - 2016-12-09 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-12-09 16:40 - 2016-12-09 16:40 - 00001004 _____ C:\Users\Public\Desktop\AVG.lnk
2016-12-09 16:40 - 2016-12-09 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-12-09 16:36 - 2016-12-26 12:50 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-09 16:36 - 2016-12-09 16:47 - 00000000 ____D C:\Program Files (x86)\AVG
2016-12-09 16:30 - 2016-12-09 16:31 - 02895464 _____ (AVG Technologies) C:\Users\Šárka\Downloads\AVG_Protection_Free_1143 (1).exe
2016-11-27 21:07 - 2016-11-27 21:07 - 00720429 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (7).pdf
2016-11-27 21:06 - 2016-11-27 21:06 - 00733116 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (6).pdf
2016-11-27 21:06 - 2016-11-27 21:06 - 00603792 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (5).pdf
2016-11-27 21:05 - 2016-11-27 21:05 - 00686665 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (3).pdf
2016-11-27 21:05 - 2016-11-27 21:05 - 00664058 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (4).pdf
2016-11-27 21:04 - 2016-11-27 21:04 - 00686741 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (2).pdf
2016-11-27 21:03 - 2016-11-27 21:03 - 00686737 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug.pdf
2016-11-27 21:03 - 2016-11-27 21:03 - 00686662 _____ C:\Users\Šárka\Downloads\voucher-NAK00220ysksgzug (1).pdf
2016-11-27 20:40 - 2016-11-27 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-26 19:28 - 2013-09-30 05:20 - 01658450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-26 19:28 - 2013-09-30 04:57 - 00705506 _____ C:\Windows\system32\perfh005.dat
2016-12-26 19:28 - 2013-09-30 04:57 - 00143830 _____ C:\Windows\system32\perfc005.dat
2016-12-26 19:28 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2016-12-26 19:24 - 2016-11-15 19:06 - 00000000 ____D C:\ProgramData\MFAData
2016-12-26 19:24 - 2016-02-11 16:16 - 00000000 ___RD C:\Users\Šárka\SkyDrive
2016-12-26 19:23 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-26 15:33 - 2016-02-09 18:26 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3662250802-3067521792-2655457148-1001
2016-12-26 14:17 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-26 14:15 - 2016-03-07 19:23 - 00000000 ____D C:\Users\Šárka\Desktop\Muse - Drones (2015)
2016-12-26 13:37 - 2016-02-09 18:27 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D1049032-3159-43B5-8A08-F814CB4BE79D}
2016-12-26 13:23 - 2016-06-15 06:37 - 00000000 ____D C:\Windows\Minidump
2016-12-26 13:08 - 2016-11-14 19:45 - 00000000 ____D C:\Users\Šárka\AppData\Local\Hisuite
2016-12-26 12:48 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-24 14:22 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-23 20:53 - 2016-02-09 19:22 - 00000000 ____D C:\Users\Šárka\AppData\Roaming\vlc
2016-12-23 19:21 - 2016-02-09 19:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-23 19:21 - 2016-02-09 18:21 - 00000000 ____D C:\Users\Šárka
2016-12-22 20:25 - 2016-07-17 07:28 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1468736873
2016-12-22 20:25 - 2016-07-17 07:27 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-22 20:25 - 2016-07-17 07:27 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-18 19:27 - 2016-11-14 19:46 - 00000000 ____D C:\Users\Šárka\Documents\HiSuite
2016-12-17 14:59 - 2016-02-11 16:34 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-17 14:59 - 2016-02-11 16:34 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-17 09:51 - 2016-02-11 16:30 - 00003384 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 09:51 - 2016-02-11 16:30 - 00003256 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-09 16:48 - 2016-11-15 18:56 - 00000000 ____D C:\Users\Šárka\AppData\Local\Avg
2016-12-09 16:48 - 2016-02-09 19:24 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-09 16:47 - 2016-11-15 19:06 - 00000000 ___HD C:\$AVG
2016-12-09 16:47 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-12-09 16:45 - 2016-11-15 18:56 - 00000000 ____D C:\Users\Šárka\AppData\Local\AvgSetupLog
2016-12-09 16:40 - 2016-11-15 18:57 - 00000000 ____D C:\ProgramData\Avg
2016-12-06 21:23 - 2016-02-09 19:51 - 00000000 ____D C:\Users\Šárka\AppData\Local\Microsoft Help

Some files in TEMP:
====================
C:\Users\Šárka\AppData\Local\Temp\ReimagePackage.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-26 15:33

==================== End of FRST.txt ============================

Re: Please help

Posted: 26 Dec 2016 21:17
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {3e560a3c-5165-11e6-8255-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {64a9416e-b7d5-11e6-825d-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {75c3aed4-8cf2-11e6-8258-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294dd-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294f2-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe229648-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
U0 aswVmm; no ImagePath
C:\Users\Šárka\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Please help

Posted: 26 Dec 2016 21:25
by Šárka92
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Šárka (26-12-2016 21:21:38) Run:1
Running from C:\Users\Šárka\Desktop
Loaded Profiles: Šárka (Available Profiles: Šárka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {3e560a3c-5165-11e6-8255-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {64a9416e-b7d5-11e6-825d-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {75c3aed4-8cf2-11e6-8258-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294dd-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe2294f2-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\...\MountPoints2: {fe229648-a5b4-11e6-8259-3010b31659ce} - "E:\HiSuiteDownLoader.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
U0 aswVmm; no ImagePath
C:\Users\Šárka\AppData\Local\Temp

EmptyTemp:
End
*****************

"HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e560a3c-5165-11e6-8255-3010b31659ce}" => key removed successfully
HKCR\CLSID\{3e560a3c-5165-11e6-8255-3010b31659ce} => key not found.
"HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64a9416e-b7d5-11e6-825d-3010b31659ce}" => key removed successfully
HKCR\CLSID\{64a9416e-b7d5-11e6-825d-3010b31659ce} => key not found.
"HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75c3aed4-8cf2-11e6-8258-3010b31659ce}" => key removed successfully
HKCR\CLSID\{75c3aed4-8cf2-11e6-8258-3010b31659ce} => key not found.
"HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2294dd-a5b4-11e6-8259-3010b31659ce}" => key removed successfully
HKCR\CLSID\{fe2294dd-a5b4-11e6-8259-3010b31659ce} => key not found.
"HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe2294f2-a5b4-11e6-8259-3010b31659ce}" => key removed successfully
HKCR\CLSID\{fe2294f2-a5b4-11e6-8259-3010b31659ce} => key not found.
"HKU\S-1-5-21-3662250802-3067521792-2655457148-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe229648-a5b4-11e6-8259-3010b31659ce}" => key removed successfully
HKCR\CLSID\{fe229648-a5b4-11e6-8259-3010b31659ce} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
aswVmm => service removed successfully

"C:\Users\Šárka\AppData\Local\Temp" folder move:

Could not move "C:\Users\Šárka\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31903942 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 1772364 B
Edge => 0 B
Chrome => 455483066 B
Firefox => 0 B
Opera => 5816320 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 13351 B
NetworkService => 0 B
Šárka => 35332775 B

RecycleBin => 11321078 B
EmptyTemp: => 524.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-12-2016 21:22:55)

C:\Users\Šárka\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:22:56 ====

Re: Please help

Posted: 26 Dec 2016 22:13
by Rudy
Deleted. Has anything changed?

Re: Please help

Posted: 27 Dec 2016 08:02
by Šárka92
Good morning,

I just turned it on and it popped up again :(

Re: Please help

Posted: 27 Dec 2016 17:19
by Rudy
Run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Please help

Posted: 28 Dec 2016 13:33
by Šárka92
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 28.12.16
Čas skenování: 13:27
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.876
Licence: Zkušební

-Systémová informace-
OS: Windows 8.1
CPU: x64
Systém souborů: NTFS
Uživatel: LENOVO\Šárka

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 334540
Uplynulý čas: 2 min, 28 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Please help

Posted: 28 Dec 2016 18:13
by Rudy
According to that scan, there is nothing there. Which directory is that dllhost.exe located in? If it is in windows\system32, it is not a virus.

Re: Please help

Posted: 28 Dec 2016 20:58
by Šárka92
That is good news. I just don't know why it keeps popping up as a Trojan horse warning. It is in windows/service profiles

Re: Please help

Posted: 28 Dec 2016 21:09
by Rudy
If it is in windows\service profiles, delete it. It may only be in windows\system32
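
The location rule from this exchange, as an added example (not part of the original thread and not FRST's own logic): it reads process lines in the FRST format shown in the logs and flags Windows system file names that run from outside their usual folders. The sample lines are constructed, the Windows directory is assumed to be C:\Windows, and the 32-bit copies in SysWOW64 on 64-bit Windows are accepted as well.

```python
import ntpath
import re

# Usual parent folders, relative to the Windows directory, for system files
# whose names malware tends to borrow. dllhost.exe is the file from the
# thread; the other names come from the FRST "Bamital & volsnap" section.
# "" means the Windows directory itself.
EXPECTED_DIRS = {
    "dllhost.exe": {"system32", "syswow64"},
    "svchost.exe": {"system32", "syswow64"},
    "userinit.exe": {"system32", "syswow64"},
    "explorer.exe": {"", "syswow64"},
    "winlogon.exe": {"system32"},
    "wininit.exe": {"system32"},
    "services.exe": {"system32"},
}

# FRST process line: "(Company) C:\path\file.exe". The company part may itself
# contain parentheses, e.g. "(Intel(R) Corporation)".
PROCESS_LINE = re.compile(r"^\((?P<company>.*?)\)\s+(?P<path>[A-Za-z]:\\.+)$")

# Constructed sample in the FRST "Processes" format; not taken from the logs.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Windows\ServiceProfiles\dllhost.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) C:\Users\Public\svchost.exe
"""


def parse_process_line(line):
    """Return (company, path) for a process line, or None for any other line."""
    match = PROCESS_LINE.match(line.strip())
    if match is None:
        return None
    return match.group("company"), match.group("path")


def is_expected_location(path, windir=r"C:\Windows"):
    """True or False for a watched file name, None for every other file."""
    # normpath collapses "..", normcase makes the comparison case-insensitive.
    parent, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return None
    root = ntpath.normcase(ntpath.normpath(windir))
    return any(parent == (ntpath.join(root, d) if d else root) for d in allowed)


def find_misplaced_system_files(log_text, windir=r"C:\Windows"):
    """List paths of watched system file names running from an unusual folder."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_process_line(line)
        if parsed is None:
            continue
        _company, path = parsed
        # The company string is version-info metadata that any file can carry,
        # so the decision rests on the path alone.
        if is_expected_location(path, windir) is False:
            findings.append(path)
    return findings


if __name__ == "__main__":
    for hit in find_misplaced_system_files(SAMPLE_LOG):
        print("check this file:", hit)
```

A hit is a reason to inspect the file (signature, hash, scan result) before removing it, not proof of infection on its own.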

Re: Please help

Posted: 31 Dec 2016 10:29
by Šárka92
Thank you very much for your help :)

And I wish you all the best in the new year