
I opened what was probably an infected email attachment.

Posted: 04 Apr 2017 12:10
by agata
Hello,
how should I proceed? Thank you, Agatka :cry:

Re: I opened what was probably an infected email attachment.

Posted: 04 Apr 2017 17:08
by Rudy

Re: I opened what was probably an infected email attachment.

Posted: 04 Apr 2017 19:49
by agata
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Andrea (administrator) on ANDREA-PC (04-04-2017 20:30:17)
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Farbar) C:\Users\Andrea\Desktop\FRST (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2009-01-19] (Sony Corporation)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WwwAccessConnectorUrlMonitor] => C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe [274944 2016-06-29] (MEDIAN s.r.o.)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-02-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Url Monitor.lnk [2015-09-01]
ShortcutTarget: Url Monitor.lnk -> C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe (MEDIAN s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5CDE5058-9E40-4DDC-828B-4E2609822D96}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8C900FA7-380C-46AA-AF30-5FEC3355B95F}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2008-10-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-10-05] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2017-04-04]
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-02] (ArcSoft Inc.)
S2 AudioHubWwwAccessConnector; C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe [187392 2016-06-29] (MEDIAN s.r.o.) [File not signed]
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-04] (Google)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-08] (Sony Corporation) [File not signed]
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-20] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
S3 lgmdbus; C:\Windows\System32\DRIVERS\lgmdbus.sys [89600 2008-07-08] (MCCI Corporation)
S3 lgmdmdfl; C:\Windows\System32\DRIVERS\lgmdmdfl.sys [14976 2008-07-08] (MCCI Corporation)
S3 lgmdmdm; C:\Windows\System32\DRIVERS\lgmdmdm.sys [121344 2008-07-08] (MCCI Corporation)
S3 lgmdmgmt; C:\Windows\System32\DRIVERS\lgmdmgmt.sys [114944 2008-07-08] (MCCI Corporation)
S3 lgmdobex; C:\Windows\System32\DRIVERS\lgmdobex.sys [111232 2008-07-08] (MCCI Corporation)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 20:30 - 2017-04-04 20:32 - 00013587 _____ C:\Users\Andrea\Desktop\FRST.txt
2017-04-04 20:29 - 2017-04-04 20:30 - 00000000 ____D C:\FRST
2017-04-04 20:29 - 2017-04-04 20:29 - 00015327 _____ C:\Users\Andrea\Desktop\LM.bat
2017-04-04 20:28 - 2017-04-04 20:29 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2017-04-04 20:26 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe
2017-04-04 20:22 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Downloads\FRSTLauncher.exe
2017-04-04 20:21 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Desktop\FRST (1).exe
2017-04-04 20:20 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (1).exe
2017-04-04 18:52 - 2017-04-04 18:53 - 00364216 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-04 17:54 - 2017-04-04 17:54 - 00093232 _____ C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-04 13:04 - 2017-04-04 17:46 - 00000000 ____D C:\Users\Andrea\AppData\Local\ESET
2017-04-04 13:03 - 2017-04-04 13:04 - 06751872 _____ (ESET spol. s r.o.) C:\Users\Andrea\Downloads\esetonlinescanner_csy.exe
2017-04-04 11:04 - 2017-04-04 11:04 - 00055913 _____ C:\Users\Andrea\Documents\dl-voucher-dobrovsky-duben-2017.pdf
2017-04-04 10:06 - 2017-04-04 10:06 - 00000000 ____D C:\rsit
2017-03-28 09:42 - 2017-03-28 09:42 - 02148188 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09 (1).pdf
2017-03-28 09:40 - 2017-03-28 09:41 - 00682954 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09.pdf
2017-03-21 11:58 - 2017-03-21 14:59 - 1766320358 _____ C:\Users\Andrea\Desktop\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.) (1).avi
2017-03-21 11:11 - 2017-03-21 11:50 - 377888487 _____ C:\Users\Andrea\Downloads\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.).avi
2017-03-19 13:16 - 2017-03-19 13:17 - 07029472 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\Silverlight (2).exe
2017-03-16 21:15 - 2017-03-16 21:15 - 01136458 _____ C:\Users\Andrea\Documents\Elle.PDF
2017-03-16 21:13 - 2017-03-16 21:13 - 01136458 _____ C:\Users\Andrea\Downloads\387074.PDF
2017-03-09 13:39 - 2017-03-09 13:39 - 00017281 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx.zip
2017-03-09 13:39 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017 (1).xlsx
2017-03-09 13:38 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx
2017-03-09 12:14 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Documents\Posedlost.PDF
2017-03-09 12:13 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Downloads\626176 (1).PDF
2017-03-09 12:12 - 2017-03-09 12:12 - 00601213 _____ C:\Users\Andrea\Downloads\626176.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 20:19 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 20:19 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 18:53 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 18:30 - 2006-11-02 15:01 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-04 17:46 - 2015-09-01 12:33 - 01576960 _____ C:\Windows\system32\tempResults.db
2017-04-04 17:44 - 2013-12-11 10:19 - 00000000 ____D C:\AdwCleaner
2017-04-04 10:07 - 2014-02-18 10:39 - 00000000 ____D C:\Program Files\trend micro
2017-03-28 09:36 - 2009-03-09 20:09 - 03010488 _____ C:\Windows\system32\perfh005.dat
2017-03-28 09:36 - 2009-03-09 20:09 - 00983764 _____ C:\Windows\system32\perfc005.dat
2017-03-28 09:36 - 2006-11-02 12:33 - 00006606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-27 12:56 - 2016-11-19 11:24 - 1431435272 _____ C:\Users\Andrea\Desktop\Kočka-na-rozpálené-plechové-střeše---Cat-on-a-Hot-Tin-Roof-1958,-CZ-tit.avi
2017-03-27 12:56 - 2011-02-08 12:50 - 00073216 _____ C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-14 12:27 - 2013-03-25 09:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 12:27 - 2013-03-25 09:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 12:26 - 2011-01-28 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-12 11:17 - 2016-09-13 13:06 - 00006836 _____ C:\Users\Andrea\AppData\Local\d3d9caps.dat

==================== Files in the root of some directories =======

2011-11-21 13:45 - 2011-11-21 13:45 - 0000600 _____ () C:\Users\Andrea\AppData\Roaming\winscp.rnd
2011-02-24 12:47 - 2014-12-02 09:18 - 0001218 _____ () C:\Users\Andrea\AppData\Roaming\wklnhst.dat
2016-09-13 13:06 - 2017-03-12 11:17 - 0006836 _____ () C:\Users\Andrea\AppData\Local\d3d9caps.dat
2011-02-08 12:50 - 2017-03-27 12:56 - 0073216 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 20:28 - 2017-04-04 20:29 - 0029696 _____ () C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2011-02-04 18:44 - 2011-02-04 18:47 - 0000184 _____ () C:\Users\Andrea\AppData\Local\setup.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-04 20:19

==================== End of FRST.txt ============================

Re: I opened what was probably an infected email attachment.

Posted: 04 Apr 2017 20:06
by Rudy
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: I opened what was probably an infected email attachment.

Posted: 05 Apr 2017 08:18
by agata
A file named LM appeared on the desktop. Windows batch file (.bat).
What is it?
Thank you :!: :!: :!:



# AdwCleaner v6.045 - Logfile created 05/04/2017 at 09:12:13
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Andrea - ANDREA-PC
# Running from : C:\Users\Andrea\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: DrvAgent32


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Andrea\AppData\Local\VirtualStore\Program Files\Free Offers from Freeze.com


***** [ Files ] *****

[-] File deleted: C:\Windows\system32\drivers\DrvAgent32.sys
[-] File deleted: C:\user.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: IHUninstallTrackingTASK
[-] Task deleted: ihuninstalltrackingtask


***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6565F37-655B-4c9e-AA5F-0307AC976ED4}
[-] Key deleted: HKLM\SOFTWARE\Classes\OpcMp4.OpcMp4Player
[-] Key deleted: HKLM\SOFTWARE\Classes\OpcMp4.OpcMp4Player.1


***** [ Web browsers ] *****

[-] [C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: arriva-vychodnicechy.cz


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2855 Bytes] - [30/03/2016 10:47:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [2281 Bytes] - [06/07/2016 19:18:55]
C:\AdwCleaner\AdwCleaner[C3].txt - [1797 Bytes] - [04/04/2017 10:01:55]
C:\AdwCleaner\AdwCleaner[C4].txt - [1635 Bytes] - [04/04/2017 17:44:31]
C:\AdwCleaner\AdwCleaner[C5].txt - [1768 Bytes] - [05/04/2017 09:12:13]
C:\AdwCleaner\AdwCleaner[R0].txt - [7737 Bytes] - [11/12/2013 10:20:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [8008 Bytes] - [11/12/2013 10:22:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [2752 Bytes] - [30/03/2016 10:45:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [2565 Bytes] - [06/07/2016 19:17:29]
C:\AdwCleaner\AdwCleaner[S3].txt - [1605 Bytes] - [04/04/2017 09:58:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [1451 Bytes] - [04/04/2017 17:42:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [2344 Bytes] - [05/04/2017 09:09:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2352 Bytes] ##########

Re: I opened what was probably an infected email attachment.

Posted: 05 Apr 2017 17:58
by Rudy
Post a new FRST log.

Re: I opened what was probably an infected email attachment.

Posted: 06 Apr 2017 13:20
by agata
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Andrea (administrator) on ANDREA-PC (06-04-2017 14:12:10)
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Farbar) C:\Users\Andrea\Desktop\FRST (2).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2009-01-19] (Sony Corporation)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WwwAccessConnectorUrlMonitor] => C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe [274944 2016-06-29] (MEDIAN s.r.o.)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-02-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Url Monitor.lnk [2015-09-01]
ShortcutTarget: Url Monitor.lnk -> C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe (MEDIAN s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5CDE5058-9E40-4DDC-828B-4E2609822D96}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8C900FA7-380C-46AA-AF30-5FEC3355B95F}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2008-10-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-10-05] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-02] (ArcSoft Inc.)
R2 AudioHubWwwAccessConnector; C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe [187392 2016-06-29] (MEDIAN s.r.o.) [File not signed]
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-04] (Google)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-08] (Sony Corporation) [File not signed]
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-20] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
S3 lgmdbus; C:\Windows\System32\DRIVERS\lgmdbus.sys [89600 2008-07-08] (MCCI Corporation)
S3 lgmdmdfl; C:\Windows\System32\DRIVERS\lgmdmdfl.sys [14976 2008-07-08] (MCCI Corporation)
S3 lgmdmdm; C:\Windows\System32\DRIVERS\lgmdmdm.sys [121344 2008-07-08] (MCCI Corporation)
S3 lgmdmgmt; C:\Windows\System32\DRIVERS\lgmdmgmt.sys [114944 2008-07-08] (MCCI Corporation)
S3 lgmdobex; C:\Windows\System32\DRIVERS\lgmdobex.sys [111232 2008-07-08] (MCCI Corporation)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-06 14:12 - 2017-04-06 14:13 - 00013871 _____ C:\Users\Andrea\Desktop\FRST.txt
2017-04-06 14:11 - 2017-04-06 14:11 - 00015327 _____ C:\Users\Andrea\Desktop\LM.bat
2017-04-05 19:42 - 2017-04-05 19:42 - 00093232 _____ C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 19:42 - 2017-04-05 19:42 - 00002042 _____ C:\Users\Andrea\Desktop\ulice.txt
2017-04-05 19:40 - 2017-04-05 19:40 - 00364216 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 10:38 - 2017-04-05 12:13 - 852641850 _____ C:\Users\Andrea\Desktop\Sladký-pták-mládí---Sweet-Bird-of-Youth-1962,-CZ-tit (1).avi
2017-04-05 10:05 - 2017-04-05 10:35 - 201818956 _____ C:\Users\Andrea\Downloads\Sladký-pták-mládí---Sweet-Bird-of-Youth-1962,-CZ-tit.avi
2017-04-05 09:07 - 2017-04-05 09:06 - 04089296 _____ C:\Users\Andrea\Desktop\adwcleaner_6.045.exe
2017-04-05 09:06 - 2017-04-05 09:06 - 04089296 _____ C:\Users\Andrea\Downloads\adwcleaner_6.045.exe
2017-04-04 20:48 - 2017-04-04 20:47 - 01766912 _____ (Farbar) C:\Users\Andrea\Desktop\FRST (2).exe
2017-04-04 20:47 - 2017-04-04 20:47 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (2).exe
2017-04-04 20:44 - 2017-04-04 20:44 - 00000000 ____D C:\Users\Andrea\Desktop\Nová složka (2)
2017-04-04 20:43 - 2017-04-04 20:43 - 02424832 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2017-04-04 20:29 - 2017-04-06 14:12 - 00000000 ____D C:\FRST
2017-04-04 20:28 - 2017-04-06 14:11 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2017-04-04 20:26 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe
2017-04-04 20:22 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Downloads\FRSTLauncher.exe
2017-04-04 20:20 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (1).exe
2017-04-04 13:04 - 2017-04-04 17:46 - 00000000 ____D C:\Users\Andrea\AppData\Local\ESET
2017-04-04 13:03 - 2017-04-04 13:04 - 06751872 _____ (ESET spol. s r.o.) C:\Users\Andrea\Downloads\esetonlinescanner_csy.exe
2017-04-04 11:04 - 2017-04-04 11:04 - 00055913 _____ C:\Users\Andrea\Documents\dl-voucher-dobrovsky-duben-2017.pdf
2017-04-04 10:06 - 2017-04-04 10:06 - 00000000 ____D C:\rsit
2017-03-28 09:42 - 2017-03-28 09:42 - 02148188 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09 (1).pdf
2017-03-28 09:40 - 2017-03-28 09:41 - 00682954 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09.pdf
2017-03-21 11:58 - 2017-03-21 14:59 - 1766320358 _____ C:\Users\Andrea\Desktop\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.) (1).avi
2017-03-21 11:11 - 2017-03-21 11:50 - 377888487 _____ C:\Users\Andrea\Downloads\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.).avi
2017-03-19 13:16 - 2017-03-19 13:17 - 07029472 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\Silverlight (2).exe
2017-03-16 21:15 - 2017-03-16 21:15 - 01136458 _____ C:\Users\Andrea\Documents\Elle.PDF
2017-03-16 21:13 - 2017-03-16 21:13 - 01136458 _____ C:\Users\Andrea\Downloads\387074.PDF
2017-03-09 13:39 - 2017-03-09 13:39 - 00017281 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx.zip
2017-03-09 13:39 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017 (1).xlsx
2017-03-09 13:38 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx
2017-03-09 12:14 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Documents\Posedlost.PDF
2017-03-09 12:13 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Downloads\626176 (1).PDF
2017-03-09 12:12 - 2017-03-09 12:12 - 00601213 _____ C:\Users\Andrea\Downloads\626176.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-06 13:52 - 2015-09-01 12:33 - 01586176 _____ C:\Windows\system32\tempResults.db
2017-04-06 13:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 13:51 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:51 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:36 - 2006-11-02 15:01 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-06 09:52 - 2009-03-09 20:09 - 03037236 _____ C:\Windows\system32\perfh005.dat
2017-04-06 09:52 - 2009-03-09 20:09 - 00993344 _____ C:\Windows\system32\perfc005.dat
2017-04-06 09:52 - 2006-11-02 12:33 - 00006606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-05 19:39 - 2013-12-11 10:19 - 00000000 ____D C:\AdwCleaner
2017-04-05 19:36 - 2011-02-08 12:50 - 00075776 _____ C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 10:07 - 2014-02-18 10:39 - 00000000 ____D C:\Program Files\trend micro
2017-03-27 12:56 - 2016-11-19 11:24 - 1431435272 _____ C:\Users\Andrea\Desktop\Kočka-na-rozpálené-plechové-střeše---Cat-on-a-Hot-Tin-Roof-1958,-CZ-tit.avi
2017-03-14 12:27 - 2013-03-25 09:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 12:27 - 2013-03-25 09:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 12:26 - 2011-01-28 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-12 11:17 - 2016-09-13 13:06 - 00006836 _____ C:\Users\Andrea\AppData\Local\d3d9caps.dat

==================== Files in the root of some directories =======

2011-11-21 13:45 - 2011-11-21 13:45 - 0000600 _____ () C:\Users\Andrea\AppData\Roaming\winscp.rnd
2011-02-24 12:47 - 2014-12-02 09:18 - 0001218 _____ () C:\Users\Andrea\AppData\Roaming\wklnhst.dat
2016-09-13 13:06 - 2017-03-12 11:17 - 0006836 _____ () C:\Users\Andrea\AppData\Local\d3d9caps.dat
2011-02-08 12:50 - 2017-04-05 19:36 - 0075776 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 20:28 - 2017-04-06 14:11 - 0029696 _____ () C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2011-02-04 18:44 - 2011-02-04 18:47 - 0000184 _____ () C:\Users\Andrea\AppData\Local\setup.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-06 13:58

==================== End of FRST.txt ============================

Re: I probably opened an infected attachment in an email.

Posted: 06 Apr 2017 17:21
by Rudy
Open Notepad and copy the following into it:
Start
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
C:\Program Files\McAfee Security Scan
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: I probably opened an infected attachment in an email.

Posted: 07 Apr 2017 08:23
by agata
Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Andrea (07-04-2017 09:06:59) Run:1
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
C:\Program Files\McAfee Security Scan
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
C:\Program Files\Google\Google Toolbar => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => key removed successfully.
"C:\Program Files\McAfee Security Scan" => not found.
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8386643 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 487412 B
Edge => 0 B
Chrome => 92861636 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 51546 B
LocalService => 180402201 B
NetworkService => 120644922 B
Andrea => 1580013 B

RecycleBin => 3102752 B
EmptyTemp: => 396.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:07:44 ====

Re: I probably opened an infected attachment in an email.

Posted: 07 Apr 2017 16:15
by Rudy
Deleted. The PC should now be clean.

Re: I probably opened an infected attachment in an email.

Posted: 07 Apr 2017 16:48
by agata
Great, and do you also "clean up" phones and tablets? Thank you very much! :!: !

Re: I probably opened an infected attachment in an email.

Posted: 07 Apr 2017 17:12
by Rudy
agata wrote: Great, and do you also "clean up" phones and tablets? Thank you very much! :!: !
Not yet. We don't have an expert here on operating systems other than Windows.

Re: I probably opened an infected attachment in an email.

Posted: 09 Apr 2017 16:21
by agata
And do you know whom to turn to? Thank you!

Re: I probably opened an infected attachment in an email.

Posted: 09 Apr 2017 16:35
by Rudy
Sorry, but I don't know. Linux has its own forum, but whether the other OSes do too, I don't know. Try Google.

Re: I probably opened an infected attachment in an email.

Posted: 11 Apr 2017 14:21
by agata
Hello,
my PC collapsed today :cry:
After starting, it restarts by itself and a blue screen appears, then it starts up again, and so on over and over... Thank you :???: