It stole my search engine THANK YOU http://www.startpageing123.com

Posted: 14 Mar 2017 18:29
by gerard3866
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by Gerard (administrator) on GERARD-OSOBNÍ (14-03-2017 18:00:28)
Running from C:\Users\Gerard\Desktop
Loaded Profiles: Gerard (Available Profiles: Gerard)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\Firefox\Firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUSTek Computer Inc\ASUS U3100MINI PLUS V2 Utilities\RTLRCtl.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(hxxp://www.amuleall.org/) C:\Config.Msi\19937a.rbf
() C:\Program Files (x86)\Explorer\iedvutils.exe
() C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Explorer\iexplore.exe
(forum.viry.cz) C:\Users\Gerard\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Driver Genius] => [X]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [RealtekHDAUpgrade] => RealtekHDAUpgrade
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\...\MountPoints2: {6ca2659c-6527-11e5-9b2e-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk [2015-09-27]
ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\ASUSTek Computer Inc\ASUS U3100MINI PLUS V2 Utilities\RTLRCtl.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2016-01-09]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-03-14]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0ED6F968-6050-48DF-B7B8-4092160D0869}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... J90Z105457
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=148 ... J90Z105457
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... J90Z105457
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... J90Z105457
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=148 ... J90Z105457
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds ... earchTerms}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001 -> {2313AC38-BA14-4797-8175-B74E8B13C266} URL =
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\na8rv4k9.default-1452362835227 [2017-03-14]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\na8rv4k9.default-1452362835227 -> startpageing123
FF Homepage: Mozilla\Firefox\Profiles\na8rv4k9.default-1452362835227 -> hxxps://www.seznam.cz/
FF SearchPlugin: C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\na8rv4k9.default-1452362835227\searchplugins\startpageing123.xml [2017-03-14]
FF ProfilePath: C:\Users\Gerard\AppData\Roaming\Firefox\Firefox\Profiles\na8rv4k9.default-1452362835227 [2017-03-14]
FF Homepage: Firefox\Firefox\Profiles\na8rv4k9.default-1452362835227 -> hxxps://www.seznam.cz/
FF Extension: (SimilarWeb) - C:\Users\Gerard\AppData\Roaming\Firefox\Firefox\Profiles\na8rv4k9.default-1452362835227\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-14] [not signed]
FF Extension: (FF Adr) - C:\Users\Gerard\AppData\Roaming\Firefox\Firefox\Profiles\na8rv4k9.default-1452362835227\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-14] [not signed]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Gerard\AppData\Roaming\Firefox\Firefox\Profiles\na8rv4k9.default-1452362835227\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-03-14] [not signed]
FF SearchPlugin: C:\Users\Gerard\AppData\Roaming\Firefox\Firefox\Profiles\na8rv4k9.default-1452362835227\searchplugins\startsearch.xml [2017-03-14]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\7r0jcc5e.default\extensions\deskCutv2@gmail.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [104624 2017-03-10] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 iedvutils; C:\Program Files (x86)\Explorer\iedvutils.exe [89272 2017-03-14] ()
S2 Kyubey; C:\Users\Gerard\AppData\Roaming\Kyubey\Kyubey.exe [113664 2017-03-14] () [File not signed]
S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer336.exe [235776 2015-12-15] (MustangService)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-03-14] (Realtek Semiconductor.) [File not signed]
R2 wimApSrv; C:\ProgramData\VMware\VMware Service\vmAutoStart.dll [105984 2017-03-14] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Gerard\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-14] (Windows) [File not signed]
R2 WinSnare; C:\Users\Gerard\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-14] (InterSect Alliance Pty Ltd) [File not signed] <==== ATTENTION
R2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 ASUSVRC64; C:\Windows\System32\DRIVERS\AsusVRC64.sys [23424 2008-10-13] (ASUSTeK COMPUTER INC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-03] ()
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [521944 2013-09-12] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3741960 2015-06-19] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2017-03-14] (SlimWare Utilities, Inc.)
S3 AIDA64Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [X]
S3 ATICDSDr; \??\C:\Users\Gerard\AppData\Local\Temp\ATICDSDr.sys [X] <==== ATTENTION
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 18:00 - 2017-03-14 18:00 - 00015327 _____ C:\Users\Gerard\Desktop\LM.bat
2017-03-14 18:00 - 2017-03-14 18:00 - 00015055 _____ C:\Users\Gerard\Desktop\FRST.txt
2017-03-14 17:59 - 2017-03-14 18:00 - 00029696 _____ C:\Users\Gerard\AppData\Local\MSGBOX.EXE
2017-03-14 17:59 - 2017-03-14 18:00 - 00000000 ____D C:\FRST
2017-03-14 17:57 - 2017-03-14 17:57 - 02424832 _____ (Farbar) C:\Users\Gerard\Desktop\FRST64.exe
2017-03-14 17:57 - 2017-03-14 17:57 - 00112640 _____ (forum.viry.cz) C:\Users\Gerard\Desktop\FRSTLauncher.exe
2017-03-14 17:44 - 2017-03-14 17:44 - 00000000 ____D C:\Windows\SysWOW64\WinFast
2017-03-14 17:31 - 2017-03-14 17:31 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-14 17:31 - 2017-03-14 17:31 - 00002072 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\Users\Gerard\AppData\Local\Noflat
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\Users\Gerard\AppData\Local\Google
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\ProgramData\VMware
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\Program Files (x86)\Noflat
2017-03-14 17:29 - 2017-03-14 17:31 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-14 17:29 - 2017-03-14 17:29 - 00000000 ____D C:\Windows\system32\log
2017-03-14 17:29 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-03-14 17:29 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-03-14 17:27 - 2017-03-14 17:51 - 00000000 ____D C:\Users\Gerard\AppData\LocalLow\Mozilla
2017-03-14 17:26 - 2017-03-14 17:26 - 00000000 ____D C:\Users\Gerard\AppData\Roaming\Firefox
2017-03-14 17:26 - 2017-03-14 17:26 - 00000000 ____D C:\Users\Gerard\AppData\Local\Firefox
2017-03-14 17:26 - 2017-03-14 17:26 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-14 17:25 - 2017-03-14 17:47 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-14 17:23 - 2017-03-14 17:36 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-14 17:23 - 2017-03-14 17:23 - 00001873 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2017-03-14 17:23 - 2017-03-14 17:23 - 00000000 ____D C:\Program Files (x86)\Explorer
2017-03-14 17:20 - 2017-03-14 17:20 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-14 17:19 - 2017-03-14 17:43 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-14 17:19 - 2017-03-14 17:20 - 00003576 _____ C:\Windows\System32\Tasks\Milimili
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\Users\Gerard\AppData\Roaming\WinSnare
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\Users\Gerard\AppData\Roaming\WinSAPSvc
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\Users\Gerard\AppData\Roaming\Kyubey
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-14 16:57 - 2000-01-01 01:00 - 01028352 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2017-03-14 16:57 - 2000-01-01 01:00 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-03-14 16:18 - 2017-03-14 16:22 - 00000000 ____D C:\Users\Gerard\AppData\Roaming\TP-LINK
2017-03-14 16:18 - 2017-03-14 16:18 - 00002271 _____ C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2017-03-14 16:18 - 2017-03-14 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2017-03-14 16:17 - 2017-03-14 16:17 - 00000000 ____D C:\Program Files (x86)\TP-LINK
2017-03-14 16:16 - 2015-06-19 02:54 - 03741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2017-03-14 16:16 - 2015-06-19 02:54 - 03741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2017-03-14 16:16 - 2015-06-19 02:54 - 00030472 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2017-03-14 16:16 - 2015-06-19 02:53 - 00028467 _____ C:\Windows\system32\netrtwlanu.cat
2017-03-14 16:16 - 2015-02-16 15:19 - 00008320 _____ C:\Windows\system32\rtlCoInst.dat
2017-03-14 16:15 - 2017-03-14 16:16 - 00000000 ____D C:\ProgramData\TP-LINK

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 17:58 - 2016-01-03 15:03 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-03-14 17:58 - 2016-01-03 15:03 - 00000000 ____D C:\Windows\system32\DAX2
2017-03-14 17:58 - 2015-09-27 16:04 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-03-14 17:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-14 17:47 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-14 17:47 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-14 17:44 - 2015-09-27 16:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-14 17:29 - 2015-09-27 16:01 - 00001713 _____ C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-03-14 17:27 - 2009-07-14 16:18 - 00668866 _____ C:\Windows\system32\perfh005.dat
2017-03-14 17:27 - 2009-07-14 16:18 - 00141526 _____ C:\Windows\system32\perfc005.dat
2017-03-14 17:27 - 2009-07-14 06:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-14 17:26 - 2015-09-27 16:52 - 00002291 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-14 17:26 - 2015-09-27 16:52 - 00002221 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-14 17:24 - 2015-09-27 17:21 - 00000000 ____D C:\Program Files (x86)\RayDld
2017-03-14 17:23 - 2015-09-27 16:01 - 00002664 _____ C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-14 17:16 - 2015-10-01 20:04 - 00002840 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2017-03-14 17:16 - 2015-10-01 20:04 - 00000412 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2017-03-14 17:16 - 2015-10-01 20:03 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2017-03-14 17:15 - 2015-09-27 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-14 17:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-14 16:57 - 2015-09-27 16:05 - 00000000 ____D C:\Program Files (x86)\Realtek

==================== Files in the root of some directories =======

2017-03-14 17:59 - 2017-03-14 18:00 - 0029696 _____ () C:\Users\Gerard\AppData\Local\MSGBOX.EXE
2015-10-02 09:34 - 2015-10-02 09:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2015-09-27 17:48 - 2015-09-27 17:48 - 0983320 _____ (Soft Installer ) C:\Users\Gerard\AppData\Local\Temp\ICReinstall_realtek-high-definition-audio-driver.exe
2015-09-27 17:00 - 2014-07-02 18:44 - 1214048 _____ (NVIDIA Corporation) C:\Users\Gerard\AppData\Local\Temp\nvSCPAPI.dll
2015-09-27 17:00 - 2014-07-02 18:44 - 0411936 _____ (NVIDIA Corporation) C:\Users\Gerard\AppData\Local\Temp\nvSCPAPISvr.exe
2016-01-03 14:43 - 2014-07-02 18:44 - 0826712 _____ (NVIDIA Corporation) C:\Users\Gerard\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-19 11:13

==================== End of FRST.txt ============================

Re: It stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 18:34
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: It stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 18:49
by gerard3866
# AdwCleaner v6.044 - Log vytvořen 14/03/2017 v 18:43:44
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-14.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Gerard - GERARD-OSOBNÍ
# Spuštěno z : C:\Users\Gerard\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: MustangService_2015_10_10
[-] Služba smazána: iSafeKrnlMon
[-] Služba smazána: swdumon
[-] Služba smazána: FirefoxU
[-] Služba smazána: WinSAPSvc
[-] Služba smazána: ed2kidle
[-] Služba smazána: EsgScanner
[-] Služba smazána: WinSnare
[-] Služba smazána: iedvutils
[-] Služba smazána: Kyubey


***** [ Složky ] *****

[-] Složka smazána: C:\Users\Gerard\AppData\Local\eSupport.com
[-] Složka smazána: C:\Users\Gerard\AppData\Local\slimware utilities inc
[#] Složka smazána po restartu: C:\Users\Gerard\AppData\Local\SlimWare Utilities Inc
[-] Složka smazána: C:\Users\Gerard\AppData\Roaming\WinSAPSvc
[-] Složka smazána: C:\Users\Gerard\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Users\Gerard\AppData\Roaming\Kyubey
[-] Složka smazána: C:\ProgramData\TempMoudleSet
[-] Složka smazána: C:\ProgramData\SlimWare Utilities, Inc
[#] Složka smazána po restartu: C:\ProgramData\Application Data\TempMoudleSet
[#] Složka smazána po restartu: C:\ProgramData\Application Data\SlimWare Utilities, Inc
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[-] Složka smazána: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[-] Složka smazána: C:\Users\Public\Documents\Downloaded Installers
[-] Složka smazána: C:\Program Files (x86)\eSupport.com
[-] Složka smazána: C:\Program Files (x86)\RayDld
[-] Složka smazána: C:\Program Files (x86)\SlimDrivers
[-] Složka smazána: C:\Program Files (x86)\BikaQRss
[-] Složka smazána: C:\Program Files (x86)\Firefox
[#] Složka smazána po restartu: C:\Users\Gerard\AppData\Roaming\WinSnare
[-] Složka smazána: C:\Program Files (x86)\Explorer
[-] Složka smazána: C:\Users\Gerard\AppData\Roaming\Firefox
[-] Složka smazána: C:\Users\Gerard\AppData\Local\Firefox


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Gerard\Desktop\Find Drivers with DriverAgent.lnk
[-] Soubor smazán: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán: C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[-] Soubor smazán: C:\Windows\SysNative\drivers\iSafeNetFilter.sys
[-] Soubor smazán: C:\Windows\SysNative\drivers\swdumon.sys
[-] Soubor smazán: C:\Windows\SysNative\drivers\EsgScanner.sys
[-] Soubor smazán: C:\Users\Public\Desktop\SlimDrivers.lnk
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat
[-] Soubor smazán: C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\na8rv4k9.default-1452362835227\searchplugins\startpageing123.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce vyléčen: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Zástupce vyléčen: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk


***** [ Naplánované úlohy ] *****

[-] Úloha smazána: LaunchPreSignup
[-] Úloha smazána: SlimDrivers Startup
[-] Úloha smazána: Milimili


***** [ Registry ] *****

[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\services\MustangService_2015_10_10
[-] Klíč smazán: HKCU\Software\5bee1429fe136a70b667eda3a3c287ab
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\iedvutils
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\iedvutils
[-] Klíč smazán: HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{8DD92279-9B04-4C6F-A862-EF3C24603804}
[-] Klíč smazán: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\eSupport.com
[-] Klíč smazán: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Mozilla\Extends
[-] Klíč smazán: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\PRODUCTSETUP
[-] Klíč smazán: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\SlimWare Utilities Inc
[-] Klíč smazán: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\UpdateStar
[#] Klíč smazán po restartu: HKCU\Software\eSupport.com
[#] Klíč smazán po restartu: HKCU\Software\Mozilla\Extends
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\SlimWare Utilities Inc
[#] Klíč smazán po restartu: HKCU\Software\UpdateStar
[-] Klíč smazán: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Klíč smazán: HKLM\SOFTWARE\ihpmserver
[-] Klíč smazán: HKLM\SOFTWARE\istartsurfSoftware
[-] Klíč smazán: HKLM\SOFTWARE\RayDld
[-] Klíč smazán: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius Professional Edition_is1
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverAgent_is1
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}
[#] Klíč smazán po restartu: [x64] HKCU\Software\eSupport.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Mozilla\Extends
[#] Klíč smazán po restartu: [x64] HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: [x64] HKCU\Software\SlimWare Utilities Inc
[#] Klíč smazán po restartu: [x64] HKCU\Software\UpdateStar
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] Data obnovena: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "browser.search.defaultenginename" - "startpageing123"


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9851 Bajty] - [14/03/2017 18:43:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [11937 Bajty] - [14/03/2017 18:39:55]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9998 Bajty] ##########

Re: it stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 18:50
by Rudy
Post a new FRST log.

Re: it stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 18:57
by gerard3866
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2017
Ran by Gerard (administrator) on GERARD-OSOBNÍ (14-03-2017 18:54:49)
Running from C:\Users\Gerard\Desktop
Loaded Profiles: Gerard (Available Profiles: Gerard)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\ASUSTek Computer Inc\ASUS U3100MINI PLUS V2 Utilities\RTLRCtl.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(forum.viry.cz) C:\Users\Gerard\Desktop\FRST-OlderVersion\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16473344 2000-01-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [Driver Genius] => [X]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\...\MountPoints2: {6ca2659c-6527-11e5-9b2e-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk [2015-09-27]
ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\ASUSTek Computer Inc\ASUS U3100MINI PLUS V2 Utilities\RTLRCtl.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2016-01-09]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2017-03-14]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0ED6F968-6050-48DF-B7B8-4092160D0869}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1443 ... earchTerms}
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001 -> {2313AC38-BA14-4797-8175-B74E8B13C266} URL =
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\na8rv4k9.default-1452362835227 [2017-03-14]
FF Homepage: Mozilla\Firefox\Profiles\na8rv4k9.default-1452362835227 -> hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
R2 wimApSrv; C:\ProgramData\VMware\VMware Service\vmAutoStart.dll [105984 2017-03-14] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 ASUSVRC64; C:\Windows\System32\DRIVERS\AsusVRC64.sys [23424 2008-10-13] (ASUSTeK COMPUTER INC.)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-10-13] (NVIDIA Corporation)
S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [521944 2013-09-12] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3741960 2015-06-19] (Realtek Semiconductor Corporation )
S3 AIDA64Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [X]
S3 ATICDSDr; \??\C:\Users\Gerard\AppData\Local\Temp\ATICDSDr.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 18:54 - 2017-03-14 18:55 - 00010719 _____ C:\Users\Gerard\Desktop\FRST.txt
2017-03-14 18:54 - 2017-03-14 18:54 - 00000000 ____D C:\Users\Gerard\Desktop\FRST-OlderVersion
2017-03-14 18:48 - 2017-03-14 18:48 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-14 18:38 - 2017-03-14 18:43 - 00000000 ____D C:\AdwCleaner
2017-03-14 18:37 - 2017-03-14 18:37 - 04031440 _____ C:\Users\Gerard\Desktop\adwcleaner_6.044.exe
2017-03-14 18:33 - 2017-03-14 18:33 - 00000000 ____D C:\Program Files\Realtek
2017-03-14 18:33 - 2000-01-01 01:00 - 15128176 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 05876734 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-03-14 18:33 - 2000-01-01 01:00 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-03-14 18:33 - 2000-01-01 01:00 - 04874496 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-03-14 18:33 - 2000-01-01 01:00 - 03299824 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 03283248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 03199232 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 03181209 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2017-03-14 18:33 - 2000-01-01 01:00 - 03086960 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 02895104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-03-14 18:33 - 2000-01-01 01:00 - 02718664 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 02477528 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 02190992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 02110600 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 01847888 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 01435152 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 01355616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 01023240 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00927424 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00888480 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00873472 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00716112 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00596120 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00589072 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2017-03-14 18:33 - 2000-01-01 01:00 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00467168 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00450128 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00341160 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00224264 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00192984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00172584 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-03-14 18:33 - 2000-01-01 01:00 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 72520720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-03-14 18:32 - 2000-01-01 01:00 - 14057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 13122584 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 12988352 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 10512456 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 06342576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 06264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 05776968 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 05339560 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 05289952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 03282032 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 02825112 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 02437760 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 02053376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01601952 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01422936 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01213664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01186824 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01166168 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01061120 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 01003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00999864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00923744 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00708320 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00472312 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00416512 _____ (Harman) C:\Windows\system32\HMUI.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00371456 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00366128 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00362064 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00360352 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00203848 _____ (Harman) C:\Windows\system32\HMHVS.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00190944 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00190944 _____ (Harman) C:\Windows\system32\HMEQ.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00179608 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00154368 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00105312 _____ C:\Windows\system32\audioLibVc.dll
2017-03-14 18:32 - 2000-01-01 01:00 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-03-14 18:31 - 2000-01-01 01:00 - 02826832 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-03-14 18:21 - 2017-03-14 18:21 - 00004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 18:04 - 2017-03-14 18:04 - 00007210 _____ C:\Users\Gerard\Desktop\Addition.zip
2017-03-14 17:59 - 2017-03-14 18:54 - 00000000 ____D C:\FRST
2017-03-14 17:57 - 2017-03-14 18:54 - 02424832 _____ (Farbar) C:\Users\Gerard\Desktop\FRST64.exe
2017-03-14 17:44 - 2017-03-14 17:44 - 00000000 ____D C:\Windows\SysWOW64\WinFast
2017-03-14 17:31 - 2017-03-14 17:31 - 00002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-14 17:31 - 2017-03-14 17:31 - 00002072 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\Users\Gerard\AppData\Local\Noflat
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\Users\Gerard\AppData\Local\Google
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\ProgramData\VMware
2017-03-14 17:31 - 2017-03-14 17:31 - 00000000 ____D C:\Program Files (x86)\Noflat
2017-03-14 17:29 - 2017-03-14 18:43 - 00000000 ____D C:\Windows\system32\log
2017-03-14 17:27 - 2017-03-14 18:38 - 00000000 ____D C:\Users\Gerard\AppData\LocalLow\Mozilla
2017-03-14 17:25 - 2017-03-14 17:47 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-14 17:23 - 2017-03-14 17:23 - 00001873 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2017-03-14 17:20 - 2017-03-14 17:20 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-14 17:19 - 2017-03-14 17:19 - 00000000 ____D C:\Program Files (x86)\MIO
2017-03-14 16:57 - 2000-01-01 01:00 - 01028352 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2017-03-14 16:57 - 2000-01-01 01:00 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-03-14 16:18 - 2017-03-14 16:22 - 00000000 ____D C:\Users\Gerard\AppData\Roaming\TP-LINK
2017-03-14 16:18 - 2017-03-14 16:18 - 00002271 _____ C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2017-03-14 16:18 - 2017-03-14 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2017-03-14 16:17 - 2017-03-14 16:17 - 00000000 ____D C:\Program Files (x86)\TP-LINK
2017-03-14 16:16 - 2015-06-19 02:54 - 03741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2017-03-14 16:16 - 2015-06-19 02:54 - 03741960 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2017-03-14 16:16 - 2015-06-19 02:54 - 00030472 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2017-03-14 16:16 - 2015-06-19 02:53 - 00028467 _____ C:\Windows\system32\netrtwlanu.cat
2017-03-14 16:16 - 2015-02-16 15:19 - 00008320 _____ C:\Windows\system32\rtlCoInst.dat
2017-03-14 16:15 - 2017-03-14 16:16 - 00000000 ____D C:\ProgramData\TP-LINK

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 18:53 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-14 18:53 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-14 18:52 - 2009-07-14 16:18 - 00668866 _____ C:\Windows\system32\perfh005.dat
2017-03-14 18:52 - 2009-07-14 16:18 - 00141526 _____ C:\Windows\system32\perfc005.dat
2017-03-14 18:52 - 2009-07-14 06:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-14 18:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-14 18:46 - 2015-09-27 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-14 18:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-14 18:43 - 2015-09-27 16:52 - 00000836 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-14 18:43 - 2015-09-27 16:52 - 00000766 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-14 18:43 - 2015-09-27 16:01 - 00001024 _____ C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-14 18:35 - 2015-09-27 16:04 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-03-14 18:33 - 2016-01-03 15:03 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-03-14 18:33 - 2016-01-03 15:03 - 00000000 ____D C:\Windows\system32\DAX2
2017-03-14 18:32 - 2015-09-27 16:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-14 18:21 - 2015-09-27 17:19 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 18:21 - 2015-09-27 17:19 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 18:21 - 2015-09-27 17:19 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 18:21 - 2015-09-27 17:19 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 18:20 - 2015-09-27 17:18 - 00000000 ____D C:\Users\Gerard\AppData\Local\Adobe
2017-03-14 17:29 - 2015-09-27 16:01 - 00001713 _____ C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-03-14 16:57 - 2015-09-27 16:05 - 00000000 ____D C:\Program Files (x86)\Realtek

==================== Files in the root of some directories =======

2015-10-02 09:34 - 2015-10-02 09:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2015-09-27 17:48 - 2015-09-27 17:48 - 0983320 _____ (Soft Installer ) C:\Users\Gerard\AppData\Local\Temp\ICReinstall_realtek-high-definition-audio-driver.exe
2015-09-27 17:00 - 2014-07-02 18:44 - 1214048 _____ (NVIDIA Corporation) C:\Users\Gerard\AppData\Local\Temp\nvSCPAPI.dll
2015-09-27 17:00 - 2014-07-02 18:44 - 0411936 _____ (NVIDIA Corporation) C:\Users\Gerard\AppData\Local\Temp\nvSCPAPISvr.exe
2016-01-03 14:43 - 2014-07-02 18:44 - 0826712 _____ (NVIDIA Corporation) C:\Users\Gerard\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-19 11:13

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:931.41 GB) (Free:887.78 GB) NTFS
Drive d: (CD176A4) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

Available physical RAM: 3167.79 MB
Total physical RAM: 4094.49 MB
Percentage of memory in use: 22%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 016D016D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Gerard\Desktop" je 23 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: it stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 20:08
by Rudy
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [Driver Genius] => [X]
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\...\MountPoints2: {6ca2659c-6527-11e5-9b2e-806e6f6e6963} - D:\Autorun.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001 -> {2313AC38-BA14-4797-8175-B74E8B13C266} URL =
S3 ATICDSDr; \??\C:\Users\Gerard\AppData\Local\Temp\ATICDSDr.sys [X] <==== ATTENTION
C:\ProgramData\DP45977C.lfl
C:\Users\Gerard\AppData\Local\Temp
Task: {09C4FF57-534E-42B8-9BD8-359D565EEA63} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {9A5F3F11-C2F4-47A6-BBDB-527660E49036} - System32\Tasks\{0295069D-E874-414E-B75E-8F42301DC97F} => pcalua.exe -a "E:\záloha\Stažené soubory\wdm_r272.exe" -d "E:\záloha\Stažené soubory"
Task: {D0CB2D1F-821F-46B6-883F-7B05230C237F} - System32\Tasks\{CEE55DB1-4713-4CBD-B337-92A65226CE0C} => pcalua.exe -a D:\Autorun.exe -d D:\ -c HowToUse\HowToUse.html
Task: {ED54233D-5C93-4869-A280-7EA63E941EEB} - System32\Tasks\{FD39F1BF-F118-4B6E-B065-ED04DA00326B} => pcalua.exe -a "E:\záloha\Stažené soubory
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=148 ... J90Z105457

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: it stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 20:17
by gerard3866
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-03-2017
Ran by Gerard (14-03-2017 20:15:10) Run:1
Running from C:\Users\Gerard\Desktop
Loaded Profiles: Gerard (Available Profiles: Gerard)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [Driver Genius] => [X]
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\...\MountPoints2: {6ca2659c-6527-11e5-9b2e-806e6f6e6963} - D:\Autorun.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds& ... z105457&q={searchTerms}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4194783695-2281227778-3063890349-1001 -> {2313AC38-BA14-4797-8175-B74E8B13C266} URL =
S3 ATICDSDr; \??\C:\Users\Gerard\AppData\Local\Temp\ATICDSDr.sys [X] <==== ATTENTION
C:\ProgramData\DP45977C.lfl
C:\Users\Gerard\AppData\Local\Temp
Task: {09C4FF57-534E-42B8-9BD8-359D565EEA63} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {9A5F3F11-C2F4-47A6-BBDB-527660E49036} - System32\Tasks\{0295069D-E874-414E-B75E-8F42301DC97F} => pcalua.exe -a "E:\záloha\Stažené soubory\wdm_r272.exe" -d "E:\záloha\Stažené soubory"
Task: {D0CB2D1F-821F-46B6-883F-7B05230C237F} - System32\Tasks\{CEE55DB1-4713-4CBD-B337-92A65226CE0C} => pcalua.exe -a D:\Autorun.exe -d D:\ -c HowToUse\HowToUse.html
Task: {ED54233D-5C93-4869-A280-7EA63E941EEB} - System32\Tasks\{FD39F1BF-F118-4B6E-B065-ED04DA00326B} => pcalua.exe -a "E:\záloha\Stažené soubory
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457
ShortcutWithArgument: C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc ... J90Z105457

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Driver Genius => value removed successfully
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ca2659c-6527-11e5-9b2e-806e6f6e6963} => key removed successfully
HKCR\CLSID\{6ca2659c-6527-11e5-9b2e-806e6f6e6963} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-4194783695-2281227778-3063890349-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2313AC38-BA14-4797-8175-B74E8B13C266} => key removed successfully
HKCR\CLSID\{2313AC38-BA14-4797-8175-B74E8B13C266} => key not found.
HKLM\System\CurrentControlSet\Services\ATICDSDr => key removed successfully
ATICDSDr => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Gerard\AppData\Local\Temp" folder move:

Could not move "C:\Users\Gerard\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09C4FF57-534E-42B8-9BD8-359D565EEA63} => key not found.
C:\Windows\System32\Tasks\LaunchPreSignup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A5F3F11-C2F4-47A6-BBDB-527660E49036} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A5F3F11-C2F4-47A6-BBDB-527660E49036} => key removed successfully
C:\Windows\System32\Tasks\{0295069D-E874-414E-B75E-8F42301DC97F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0295069D-E874-414E-B75E-8F42301DC97F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0CB2D1F-821F-46B6-883F-7B05230C237F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0CB2D1F-821F-46B6-883F-7B05230C237F} => key removed successfully
C:\Windows\System32\Tasks\{CEE55DB1-4713-4CBD-B337-92A65226CE0C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CEE55DB1-4713-4CBD-B337-92A65226CE0C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED54233D-5C93-4869-A280-7EA63E941EEB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED54233D-5C93-4869-A280-7EA63E941EEB} => key removed successfully
C:\Windows\System32\Tasks\{FD39F1BF-F118-4B6E-B065-ED04DA00326B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FD39F1BF-F118-4B6E-B065-ED04DA00326B} => key removed successfully
C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Gerard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14516870 B
Java, Flash, Steam htmlcache => 888 B
Windows/system/drivers => 40801794 B
Edge => 0 B
Chrome => 0 B
Firefox => 376642983 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83699 B
systemprofile32 => 8678808 B
LocalService => 66228 B
NetworkService => 692 B
Gerard => 2188244108 B

RecycleBin => 84456602 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-03-2017 20:16:45)

"C:\Users\Gerard\AppData\Local\Temp" => Could not move

==== End of Fixlog 20:16:48 ====

Re: it stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 20:22
by Rudy
Deleted. Has anything changed?

Re: it stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 20:33
by gerard3866
Yes,
everything is fine.
Thank you very much. If you want to say it was nothing, well, it was something. Thanks once again, Radek.

Re: it stole my search engine THANK YOU http://www.startpageing123.co

Posted: 14 Mar 2017 21:20
by Rudy
Really, you're welcome. I do this here to relax. :)