Request for malware cleanup. Slow laptop + redirects in Chrome

Posted: 24 Feb 2017 17:46
by mistig
Greetings, ladies and gentlemen.

I got my hands on a laptop from a thoroughly non-technical user, whose problem is that it is (given the laptop's configuration) quite slow overall. Mainly when booting the OS, plus general sluggishness in everyday work, opening applications, working in programs, etc. Yet neither CPU nor RAM utilization is in any way extreme; with the disk it is already noticeable, but nothing extreme either.

The second problem is in the Google Chrome browser, with redirects to various Russian or porn sites :D

A Threat Scan is running in Malwarebytes right now and it is quite a haul. About 2,500 detections so far.

Almost everything is:
PUP.Optional.LuckyTab
PUP.Optional.GlobalUpdate
PUP.Optional.SupTab
PUP.Optional.WinZipRegOp
PUP.Optional.Ghokswa
etc.

I would need help with complete removal of the malware. That is, after the MBAM scan I would like to run it through some other tool as well and make sure it is OK, just to be safe. This is what I want help with: what should I run it through, and which program should I attach a log from?

Thank you very much for your time!

Re: Request for malware cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 18:01
by Rudy
Hello!
Delete what MBAM found. Then post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Request for malware cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 18:18
by mistig
Great, 3907 threats are being deleted right now. As soon as it finishes, I'll post the log.

Re: Request for malware cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 19:01
by Rudy
After the restart it should appear by itself.

Re: Request for malware cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 20:24
by mistig
I admit that your FRST add-on did not inspire much confidence in me. Actually, I could not even download it because of the protection. If a log from FRST without the add-on is enough, here is the output from FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by Zuzka (administrator) on ZUZIK (24-02-2017 20:06:27)
Running from C:\Users\Zuzka\Desktop
Loaded Profiles: Zuzka (Available Profiles: Zuzka)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-11-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-09] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-03] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {45690044-b7f1-11e6-bf22-a4db304fb96f} - "E:\Autorun.exe"
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {45690072-b7f1-11e6-bf22-a4db304fb96f} - "E:\Autorun.exe"
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {95ce53c7-b35d-11e6-bf22-a4db304fb96f} - "E:\HiSuiteDownLoader.exe"
IFEO\rlvknlg.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-03] (AVAST Software)
Startup: C:\Users\Zuzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP DeskJet 2130 series.lnk [2017-02-24]
ShortcutTarget: Sledovat výstrahy inkoustu - HP DeskJet 2130 series.lnk -> C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Zuzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2013-11-25]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{72d88a6a-ff2c-4d8a-b3f8-8e9dba0db5da}: [DhcpNameServer] 193.84.209.5
Tcpip\..\Interfaces\{87d8b971-7785-4a5c-bd3f-e4e37beda207}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131208256863120559&GUID=AA8C0EC0-1A24-45C4-BE0F-8EEBB0E1A9D5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-49040800-1362075375-424372385-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-49040800-1362075375-424372385-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131208256863361719&GUID=AA8C0EC0-1A24-45C4-BE0F-8EEBB0E1A9D5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-04-15] (Qualcomm Atheros Commnucations)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Profile: C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Prezentace Google) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-25]
CHR Extension: (Dokumenty Google) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Disk Google) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Vyhledávání Google) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Tabulky Google) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-19]
CHR Extension: (Avast Online Security) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

Opera:
=======
OPR StartupUrls: "hxxp://www.google.com/"
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-11-07] (ELAN Microelectronics Corp.)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 LMSvc; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2017-01-03] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2017-01-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2017-01-03] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2017-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-03] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-03] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2017-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-03] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-24] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-24] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-24] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-24] (Malwarebytes)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NetTap630; C:\WINDOWS\system32\DRIVERS\nettap630.sys [76560 2015-07-29] (Intel Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; \SystemRoot\System32\drivers\ew_wwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 20:06 - 2017-02-24 20:08 - 00019595 _____ C:\Users\Zuzka\Desktop\FRST.txt
2017-02-24 20:05 - 2017-02-24 20:06 - 00000000 ____D C:\FRST
2017-02-24 19:24 - 2017-02-24 20:05 - 02423296 _____ (Farbar) C:\Users\Zuzka\Desktop\FRST64.exe
2017-02-24 19:02 - 2017-02-24 19:02 - 00614095 _____ C:\Users\Zuzka\Desktop\zpravaMBAM.txt
2017-02-24 18:59 - 2017-02-24 19:13 - 00000270 __RSH C:\ProgramData\ntuser.pol
2017-02-24 16:50 - 2017-02-24 16:50 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\109A4F8D.sys
2017-02-24 16:48 - 2017-02-24 19:27 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-24 16:48 - 2017-02-24 19:12 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-24 16:48 - 2017-02-24 16:48 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-24 16:47 - 2017-02-24 19:12 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-24 16:47 - 2017-02-24 19:12 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-24 16:47 - 2017-02-24 16:47 - 00001924 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-24 16:47 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-24 16:46 - 2017-02-24 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-24 16:46 - 2017-02-24 16:46 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-24 16:45 - 2017-02-24 16:45 - 55566792 _____ (Malwarebytes ) C:\Users\Zuzka\Downloads\mb3-setup-consumer-3.0.6.1469 (1).exe
2017-02-24 16:44 - 2017-02-24 16:44 - 55566792 _____ (Malwarebytes ) C:\Users\Zuzka\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-23 21:32 - 2017-02-23 21:32 - 00000000 ____D C:\Users\Zuzka\AppData\Local\ESET
2017-02-23 21:31 - 2017-02-23 21:32 - 06751360 _____ (ESET spol. s r.o.) C:\Users\Zuzka\Downloads\esetonlinescanner_enu.exe
2017-02-23 21:25 - 2017-02-23 21:25 - 00001147 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-23 21:06 - 2017-02-23 21:06 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-23 13:09 - 2017-02-23 13:09 - 00139264 _____ C:\Users\Zuzka\Downloads\1_Uvod_do_predmetu_2017.ppt
2017-02-23 08:12 - 2017-02-23 08:12 - 07292497 _____ C:\Users\Zuzka\Downloads\vitaminátor.pptx
2017-01-26 08:48 - 2017-01-26 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-01-25 10:58 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 10:58 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 01:29 - 2017-01-25 01:29 - 09405464 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 07589400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 02463256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 02150928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 01015832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 01015832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00768024 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00643096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00476696 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00420376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-01-25 01:29 - 2017-01-25 01:29 - 00310808 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-01-25 01:29 - 2017-01-25 01:29 - 00293400 _____ C:\WINDOWS\system32\GameManager64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00287248 _____ C:\WINDOWS\system32\clinfo.exe
2017-01-25 01:29 - 2017-01-25 01:29 - 00285720 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00266256 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00258072 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00251416 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00248344 _____ C:\WINDOWS\system32\atieah64.exe
2017-01-25 01:29 - 2017-01-25 01:29 - 00239128 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00226328 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-01-25 01:29 - 2017-01-25 01:29 - 00219672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00193560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00178200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00158336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00154648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00153112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00147480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00145952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00135704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00130584 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00128536 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00126488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00121368 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00118800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00107544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00100888 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00084504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00077848 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00038424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-01-25 01:29 - 2017-01-25 01:29 - 00038416 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00488496 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00166408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00162216 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00145872 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00145360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00130224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00130216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00112336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-01-25 01:28 - 2017-01-25 01:28 - 00112328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 19:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-24 19:18 - 2016-07-16 23:25 - 00772344 _____ C:\WINDOWS\system32\perfh005.dat
2017-02-24 19:18 - 2016-07-16 23:25 - 00179346 _____ C:\WINDOWS\system32\perfc005.dat
2017-02-24 19:18 - 2015-11-07 17:03 - 02072196 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 19:11 - 2016-10-09 09:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-24 19:11 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 19:10 - 2016-10-09 09:00 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-24 19:01 - 2016-10-09 08:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-24 18:11 - 2016-10-09 09:07 - 00000000 ____D C:\Users\Zuzka
2017-02-24 18:11 - 2015-05-17 21:54 - 00000000 ____D C:\Users\Zuzka\AppData\Roaming\Nico Mak Computing
2017-02-24 16:42 - 2016-12-15 15:15 - 00003470 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-24 16:42 - 2016-12-15 15:15 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-24 16:36 - 2014-01-23 20:16 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-24 08:36 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 02:12 - 2013-11-25 18:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 02:01 - 2013-11-25 18:19 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 01:38 - 2013-11-19 19:17 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-24 00:32 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-23 22:11 - 2014-12-14 13:07 - 00000000 ____D C:\Program Files (x86)\ea3f50d8-2a17-47e8-aec4-6c872f508b91
2017-02-23 22:08 - 2013-09-29 12:15 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2017-02-23 21:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-23 21:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-23 21:16 - 2016-11-25 23:22 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-23 08:12 - 2014-10-14 14:08 - 00000000 ____D C:\ProgramData\Skype
2017-02-22 15:05 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 14:58 - 2014-01-03 15:39 - 00000000 ___RD C:\Users\Zuzka\Desktop\Zuzka
2017-02-22 08:57 - 2013-11-17 12:34 - 00000000 ____D C:\Users\Zuzka\AppData\Local\Packages
2017-02-21 08:04 - 2015-09-29 08:47 - 00000000 ____D C:\Users\Zuzka\Desktop\VŠ
2017-02-15 21:36 - 2014-01-18 14:30 - 00000000 ____D C:\Users\Zuzka\Desktop\Rodinné fotky
2017-02-13 12:46 - 2013-11-19 16:01 - 00000000 ____D C:\Users\Zuzka\AppData\Roaming\vlc
2017-02-13 12:06 - 2016-09-06 12:55 - 00000000 ____D C:\Users\Zuzka\Desktop\Čertíci
2017-02-09 22:08 - 2016-01-03 14:59 - 00000000 ____D C:\Users\Zuzka\Desktop\ČD
2017-02-07 13:44 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 12:27 - 2016-10-09 09:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-02 21:10 - 2014-10-14 14:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-02 11:39 - 2016-12-15 15:16 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 22:01 - 2016-03-05 15:14 - 00000000 ____D C:\ProgramData\AMD
2017-01-26 08:47 - 2016-10-09 09:00 - 00000000 ____D C:\Program Files\AMD
2017-01-25 13:22 - 2014-11-29 19:43 - 00000000 ____D C:\AMD
2017-01-25 10:41 - 2016-10-09 09:49 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-25 01:29 - 2016-10-26 00:04 - 00909336 _____ (AMD) C:\WINDOWS\system32\coinst_16.40.dll
2017-01-25 01:29 - 2016-09-13 21:08 - 01351192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-01-25 01:29 - 2016-09-13 21:08 - 00541208 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-01-25 01:29 - 2016-09-13 21:08 - 00305176 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe

==================== Files in the root of some directories =======

2016-12-08 13:58 - 2016-12-08 13:58 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-09 15:41

==================== End of FRST.txt ============================

Re: Requesting a cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 21:05
by Rudy
OK, that's enough. You don't need to be afraid of the add-on; it's just that some antivirus programs don't like it. We use it here routinely. Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {45690044-b7f1-11e6-bf22-a4db304fb96f} - "E:\Autorun.exe"
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {45690072-b7f1-11e6-bf22-a4db304fb96f} - "E:\Autorun.exe"
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {95ce53c7-b35d-11e6-bf22-a4db304fb96f} - "E:\HiSuiteDownLoader.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
Toolbar: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {04EE2963-D3F2-4186-8A72-17092577D974} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1E069B91-344C-4407-B6A5-28F74B6AC92E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2CFB49C5-5BDE-4777-9BB1-A3F8D5C24C6A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3B18C6BF-9465-4630-BE6C-5D4F7C5E4D96} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4321E81E-AB11-4A7E-9A93-D9547FC09FEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {54161A82-1C20-4667-A368-0ADB4A128B8D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B8D0858-36BC-4653-9A38-79A0690B994E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5DC51444-3FCC-4734-8EE3-DFD90AA5BEA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-15] (Google Inc.)
Task: {6B236478-3799-4A84-8B97-AA29A42867C8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6D7028AC-6BF1-4343-A13B-6927B3B2EDBA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {749687E5-BDE2-4C14-BEE0-25D21B53E0FE} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-49040800-1362075375-424372385-1001 -> No File <==== ATTENTION
Task: {91FAE4D0-D608-4735-ADD9-F541B18BB2D7} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {B1924326-E7F2-4294-BE83-8B9C7681A8CF} - \WPD\SqmUpload_S-1-5-21-49040800-1362075375-424372385-1001 -> No File <==== ATTENTION
Task: {D9F30312-36B8-4C47-9531-61E08D01205E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {ED06A8AD-6837-45B6-8192-6DFCE0CE7AA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FB9A0A09-5FD4-4F2A-86FF-9A9DD3E6FF87} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\1254e1aa-d01b-47ad-9600-76ff93b629be.job => C:\Program Files (x86)\Internet Speed Checker\1254e1aa-d01b-47ad-9600-76ff93b629be.exe ȓ/agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=ACD02F9DE4B84D03BDBCA156EE1419FBIE /verifier=9d0810c2f00182d3122d8f0bf71a846e /installerversion=1_35_11_26 /installationtime=1418558761 /statsdomain=hxxp:/stats.newstaticinfosrv.com /errorsdomain=hxxp:/errors.newstaticinfosrv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.newstaticinfosrv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\3af971da-9318-4752-94d8-447ec8466187.job => C:\Program Files (x86)\Internet Speed Checker\3af971da-9318-4752-94d8-447ec8466187.exe <==== ATTENTION

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.

Re: Requesting a cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 21:17
by mistig
Thanks. Here is fixlog.txt. Can I restart?

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Zuzka (24-02-2017 21:09:57) Run:1
Running from C:\Users\Zuzka\Desktop
Loaded Profiles: Zuzka (Available Profiles: Zuzka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {45690044-b7f1-11e6-bf22-a4db304fb96f} - "E:\Autorun.exe"
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {45690072-b7f1-11e6-bf22-a4db304fb96f} - "E:\Autorun.exe"
HKU\S-1-5-21-49040800-1362075375-424372385-1001\...\MountPoints2: {95ce53c7-b35d-11e6-bf22-a4db304fb96f} - "E:\HiSuiteDownLoader.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
SearchScopes: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... &pc=MSERT1
Toolbar: HKU\S-1-5-21-49040800-1362075375-424372385-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
Task: {04EE2963-D3F2-4186-8A72-17092577D974} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1E069B91-344C-4407-B6A5-28F74B6AC92E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2CFB49C5-5BDE-4777-9BB1-A3F8D5C24C6A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3B18C6BF-9465-4630-BE6C-5D4F7C5E4D96} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4321E81E-AB11-4A7E-9A93-D9547FC09FEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {54161A82-1C20-4667-A368-0ADB4A128B8D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B8D0858-36BC-4653-9A38-79A0690B994E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5DC51444-3FCC-4734-8EE3-DFD90AA5BEA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-15] (Google Inc.)
Task: {6B236478-3799-4A84-8B97-AA29A42867C8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6D7028AC-6BF1-4343-A13B-6927B3B2EDBA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {749687E5-BDE2-4C14-BEE0-25D21B53E0FE} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-49040800-1362075375-424372385-1001 -> No File <==== ATTENTION
Task: {91FAE4D0-D608-4735-ADD9-F541B18BB2D7} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {B1924326-E7F2-4294-BE83-8B9C7681A8CF} - \WPD\SqmUpload_S-1-5-21-49040800-1362075375-424372385-1001 -> No File <==== ATTENTION
Task: {D9F30312-36B8-4C47-9531-61E08D01205E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {ED06A8AD-6837-45B6-8192-6DFCE0CE7AA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FB9A0A09-5FD4-4F2A-86FF-9A9DD3E6FF87} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\1254e1aa-d01b-47ad-9600-76ff93b629be.job => C:\Program Files (x86)\Internet Speed Checker\1254e1aa-d01b-47ad-9600-76ff93b629be.exe ȓ/agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=ACD02F9DE4B84D03BDBCA156EE1419FBIE /verifier=9d0810c2f00182d3122d8f0bf71a846e /installerversion=1_35_11_26 /installationtime=1418558761 /statsdomain=hxxp:/stats.newstaticinfosrv.com /errorsdomain=hxxp:/errors.newstaticinfosrv.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.newstaticinfosrv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\3af971da-9318-4752-94d8-447ec8466187.job => C:\Program Files (x86)\Internet Speed Checker\3af971da-9318-4752-94d8-447ec8466187.exe <==== ATTENTION

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-49040800-1362075375-424372385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45690044-b7f1-11e6-bf22-a4db304fb96f} => key removed successfully
HKCR\CLSID\{45690044-b7f1-11e6-bf22-a4db304fb96f} => key not found.
HKU\S-1-5-21-49040800-1362075375-424372385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45690072-b7f1-11e6-bf22-a4db304fb96f} => key removed successfully
HKCR\CLSID\{45690072-b7f1-11e6-bf22-a4db304fb96f} => key not found.
HKU\S-1-5-21-49040800-1362075375-424372385-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95ce53c7-b35d-11e6-bf22-a4db304fb96f} => key removed successfully
HKCR\CLSID\{95ce53c7-b35d-11e6-bf22-a4db304fb96f} => key not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} => key removed successfully
HKCR\Wow6432Node\CLSID\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} => key not found.
HKU\S-1-5-21-49040800-1362075375-424372385-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-49040800-1362075375-424372385-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} => key removed successfully
HKCR\CLSID\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} => key not found.
HKU\S-1-5-21-49040800-1362075375-424372385-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value removed successfully
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found.
Chrome HomePage => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04EE2963-D3F2-4186-8A72-17092577D974} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04EE2963-D3F2-4186-8A72-17092577D974} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E069B91-344C-4407-B6A5-28F74B6AC92E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E069B91-344C-4407-B6A5-28F74B6AC92E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFB49C5-5BDE-4777-9BB1-A3F8D5C24C6A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFB49C5-5BDE-4777-9BB1-A3F8D5C24C6A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B18C6BF-9465-4630-BE6C-5D4F7C5E4D96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B18C6BF-9465-4630-BE6C-5D4F7C5E4D96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4321E81E-AB11-4A7E-9A93-D9547FC09FEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4321E81E-AB11-4A7E-9A93-D9547FC09FEF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54161A82-1C20-4667-A368-0ADB4A128B8D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54161A82-1C20-4667-A368-0ADB4A128B8D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B8D0858-36BC-4653-9A38-79A0690B994E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B8D0858-36BC-4653-9A38-79A0690B994E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DC51444-3FCC-4734-8EE3-DFD90AA5BEA8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DC51444-3FCC-4734-8EE3-DFD90AA5BEA8} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B236478-3799-4A84-8B97-AA29A42867C8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B236478-3799-4A84-8B97-AA29A42867C8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D7028AC-6BF1-4343-A13B-6927B3B2EDBA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D7028AC-6BF1-4343-A13B-6927B3B2EDBA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{749687E5-BDE2-4C14-BEE0-25D21B53E0FE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{749687E5-BDE2-4C14-BEE0-25D21B53E0FE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-49040800-1362075375-424372385-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91FAE4D0-D608-4735-ADD9-F541B18BB2D7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91FAE4D0-D608-4735-ADD9-F541B18BB2D7} => key removed successfully
C:\WINDOWS\System32\Tasks\RegistryDr_Start => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1924326-E7F2-4294-BE83-8B9C7681A8CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1924326-E7F2-4294-BE83-8B9C7681A8CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-49040800-1362075375-424372385-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9F30312-36B8-4C47-9531-61E08D01205E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9F30312-36B8-4C47-9531-61E08D01205E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED06A8AD-6837-45B6-8192-6DFCE0CE7AA2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED06A8AD-6837-45B6-8192-6DFCE0CE7AA2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB9A0A09-5FD4-4F2A-86FF-9A9DD3E6FF87} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB9A0A09-5FD4-4F2A-86FF-9A9DD3E6FF87} => key removed successfully
C:\WINDOWS\System32\Tasks\RegistryDr_Popup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup => key removed successfully
C:\WINDOWS\Tasks\1254e1aa-d01b-47ad-9600-76ff93b629be.job => moved successfully
C:\WINDOWS\Tasks\3af971da-9318-4752-94d8-447ec8466187.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16003986 B
Java, Flash, Steam htmlcache => 621 B
Windows/system/drivers => 109995050 B
Edge => 703 B
Chrome => 82974926 B
Firefox => 0 B
Opera => 1120992 B

Temp, IE cache, history, cookies, recent:
Default => 14776 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 9160 B
NetworkService => 18473014 B
Zuzka => 95442778 B

RecycleBin => 629910 B
EmptyTemp: => 309.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:11:17 ====

Re: Requesting a cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 22:10
by Rudy
Restart. Deleted. Has anything changed?

Re: Requesting a cleanup. Slow laptop + redirects in Chr

Posted: 24 Feb 2017 23:01
by mistig
Thank you! Even after the MBAM cleanup alone things improved quite a bit, and now there is nothing left I could complain about. So thanks a lot, great work :) Good night.

Re: Requesting a cleanup. Slow laptop + redirects in Chr

Posted: 25 Feb 2017 11:14
by Rudy
Take care, and you're welcome! :)