VIRY.CZ

Zdravím Vás,
mám problém na půjčeným pc, po instalaci Blackberry blend je vytížení paměti cca 50 %. To, že aplikace Blackberry vůbec nefunguje bych ještě přešel, horší je je její vliv na chod pc a to, že nejde odistalovat (chyba 2738).
Hledal jsem kde se dalo, nenašel jsem nic, co by pomohlo. Ještě možná zbývá obrátit se přímo na BB.

Děkuji za případnou pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Martina (administrator) on MARTINA-PC (07-06-2018 19:48:20)
Running from C:\Users\Martina\Desktop
Loaded Profiles: UpdatusUser & Martina (Available Profiles: UpdatusUser & Martina & Kubík)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BlackBerry) C:\ProgramData\Package Cache\{a0642dd3-1105-464b-84c8-caaf676c39c8}\BlackBerryDesktopSoftware.exe
(BlackBerry) C:\ProgramData\Package Cache\{a0642dd3-1105-464b-84c8-caaf676c39c8}\BlackBerryDesktopSoftware.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(forum.viry.cz) C:\Users\Martina\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2843466727-1290568425-2328592285-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default*綍ࠀ***********************************
HKU\S-1-5-21-2843466727-1290568425-2328592285-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2843466727-1290568425-2328592285-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: F - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {23339a6c-436e-11e2-b9d6-60d819275a33} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {7300759f-6715-11e8-b0c4-922b43299972} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {de2348df-8364-11e4-a484-dd39615bce6f} - E:\SETUP.EXE
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203072 2011-10-25] (NVIDIA Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2795CCB6-9819-43D6-867F-3FF1C78D642A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ED9F1939-81BD-440E-8601-5717BD31DE8E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.cz/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> {54969CDB-1680-4A04-B168-63F31613986E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2843466727-1290568425-2328592285-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll [No File]
FF Plugin HKU\S-1-5-21-2843466727-1290568425-2328592285-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default [2018-06-07]
CHR Extension: (Minimal White) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcbojcafbggjenbeflknhfimpcikmlc [2018-04-18]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2018-04-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-23]
CHR HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Martina\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-04-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-04-30] (Kaspersky Lab ZAO)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-12-14] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-05-30] (Check Point Software Technologies Ltd.)
U3 aovywcri; C:\Windows\System32\Drivers\aovywcri.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-07 19:48 - 2018-06-07 19:49 - 000016495 _____ C:\Users\Martina\Desktop\FRST.txt
2018-06-07 19:47 - 2018-06-07 19:48 - 000000000 ____D C:\FRST
2018-06-07 19:47 - 2018-06-07 19:47 - 000112640 _____ (forum.viry.cz) C:\Users\Martina\Desktop\FRSTLauncher.exe
2018-06-07 19:45 - 2018-06-07 19:45 - 002413056 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2018-06-07 19:41 - 2018-06-07 19:41 - 000001063 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2018-06-07 19:41 - 2018-06-07 19:41 - 000000979 _____ C:\Users\Public\Desktop\BlackBerry Blend.lnk
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\Program Files (x86)\Research In Motion
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\Program Files (x86)\BlackBerry
2018-06-04 16:48 - 2018-06-04 16:48 - 000000000 ____D C:\Users\Martina\Documents\BlackBerry
2018-06-04 16:39 - 2018-06-04 16:39 - 000000000 ____D C:\Users\Martina\AppData\Roaming\XCPCSync.OEM
2018-06-04 16:39 - 2018-06-04 16:39 - 000000000 ____D C:\Users\Martina\AppData\Roaming\Research In Motion
2018-06-03 18:27 - 2018-06-03 18:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2018-06-03 18:26 - 2018-06-03 18:26 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_blackberryncm6_AMD64_01007.Wdf
2018-06-03 18:21 - 2018-06-04 16:38 - 000000000 ____D C:\Users\Martina\AppData\Local\BlackBerry
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____D C:\Users\Martina\AppData\Local\Research In Motion
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____D C:\ProgramData\Research In Motion
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 _____ C:\Windows\SysWOW64\out.txt
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 _____ C:\Windows\SysWOW64\err.txt
2018-06-03 18:19 - 2012-12-10 15:48 - 000044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2018-05-27 05:42 - 2018-05-27 05:45 - 000000000 ____D C:\Users\Martina\Desktop\všechny fotky
2018-05-08 21:25 - 2018-05-08 21:25 - 000000000 ____D C:\Users\Martina\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-07 19:40 - 2013-02-22 10:43 - 000003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{52769474-5BFB-44A6-A263-FAB3A2FC0A31}
2018-06-07 19:40 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-07 19:40 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-07 19:40 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-07 19:34 - 2011-11-25 11:44 - 000000000 ____D C:\Users\UpdatusUser
2018-06-07 19:32 - 2014-08-20 18:54 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-06-07 19:32 - 2012-09-14 23:31 - 000000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-06-07 19:32 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-07 19:26 - 2015-06-21 16:12 - 000000000 ____D C:\Users\Martina\AppData\Roaming\Battle.net
2018-06-07 05:49 - 2011-11-25 12:24 - 000669132 _____ C:\Windows\system32\perfh005.dat
2018-06-07 05:49 - 2011-11-25 12:24 - 000141760 _____ C:\Windows\system32\perfc005.dat
2018-06-07 05:49 - 2009-07-14 07:13 - 001584626 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-07 05:35 - 2018-04-29 08:17 - 000000000 ____D C:\Users\Martina\Desktop\07
2018-06-06 17:53 - 2015-05-07 00:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-06 17:53 - 2012-09-14 18:49 - 000000000 ____D C:\Users\Martina
2018-06-06 17:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-06-05 19:05 - 2018-04-21 08:40 - 000000000 ____D C:\Záloha dat
2018-06-05 19:03 - 2018-04-17 16:45 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-18 22:36 - 2012-09-16 14:03 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-18 22:36 - 2012-09-16 14:03 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 05:45 - 2012-09-16 14:05 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-08 21:26 - 2013-04-25 21:40 - 000000000 ____D C:\Users\Martina\AppData\Local\CrashDumps
2018-05-08 21:25 - 2012-10-25 14:18 - 000000000 ____D C:\Users\Martina\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-11-08 18:07 - 2015-11-08 18:07 - 001503872 _____ (Skype Technologies S.A.) C:\Users\Martina\SkypeSetup.exe
2015-12-04 23:31 - 2015-12-04 23:40 - 517121104 _____ (Image-Line) C:\Program Files (x86)\flstudio_12.1.3.exe
2012-11-02 09:46 - 2012-11-02 09:55 - 000004608 _____ () C:\Users\Martina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-18 16:48 - 2018-04-18 16:48 - 000007606 _____ () C:\Users\Martina\AppData\Local\Resmon.ResmonCfg
2013-01-08 00:17 - 2013-01-08 00:17 - 000001048 _____ () C:\Users\Martina\AppData\Local\SRDownloader.nast

Some files in TEMP:
====================
2014-05-07 10:36 - 2014-05-07 10:36 - 000000000 ____D () C:\Users\Kubík\AppData\Local\Temp\avgnt.exe
2013-10-27 09:01 - 2014-02-21 19:36 - 000027411 _____ () C:\Users\Kubík\AppData\Local\Temp\i4jdel0.exe
2013-07-04 17:59 - 2013-08-23 21:15 - 031954536 _____ (Skype Technologies S.A.) C:\Users\Kubík\AppData\Local\Temp\SkypeSetup.exe
2018-06-03 16:11 - 2018-06-03 16:13 - 160815464 _____ (BlackBerry) C:\Users\Martina\AppData\Local\Temp\BlackBerryDesktopSoftware.exe
2018-06-03 16:10 - 2015-04-01 20:42 - 073521000 ____R (Research In Motion Ltd. ) C:\Users\Martina\AppData\Local\Temp\BlackBerryDeviceManager.exe
2015-04-01 20:42 - 2015-04-01 20:42 - 002423032 ____R () C:\Users\Martina\AppData\Local\Temp\BlackBerryLauncher.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 06:07

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:293.32 GB) NTFS
\\?\Volume{8da7c4d0-1748-11e1-9c32-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{8da7c4cf-1748-11e1-9c32-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:15 GB) (Free:2.19 GB) NTFS

Available physical RAM: 1793.71 MB
Total physical RAM: 3766.71 MB
Percentage of memory in use: 52%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 799178DC)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]

==================== Security Center ==================

AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
Stav:Neznámý
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Martina\Desktop" je 13117 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun
"C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravím!
Určitě se obraťte na BlackberryBlend. Je to speciální program pro mobilní telefony, se kterým my zkušenosti nemáme. Můžele vám ale PC vyčistit. Máte-li zájem, spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Zdravím

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-06-07.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-08-2018
# Duration: 00:00:28
# OS: Windows 7 Home Premium
# Scanned: 41015
# Detected: 3


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Conduit HKU\S-1-5-21-2843466727-1290568425-2328592285-1000\Software\AppDataLow\Software\Conduit
PUP.Optional.Legacy HKU\S-1-5-21-2843466727-1290568425-2328592285-1000\Software\APN PIP
PUP.Optional.SuperOptimizer HKU\S-1-5-21-2843466727-1290568425-2328592285-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Martina (administrator) on MARTINA-PC (22-06-2018 05:56:00)
Running from C:\Users\Martina\Desktop
Loaded Profiles: Martina (Available Profiles: UpdatusUser & Martina & Kubík)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: F - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {23339a6c-436e-11e2-b9d6-60d819275a33} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {7300759f-6715-11e8-b0c4-922b43299972} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {de2348df-8364-11e4-a484-dd39615bce6f} - E:\SETUP.EXE
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203072 2011-10-25] (NVIDIA Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2795CCB6-9819-43D6-867F-3FF1C78D642A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ED9F1939-81BD-440E-8601-5717BD31DE8E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.cz/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> {54969CDB-1680-4A04-B168-63F31613986E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2843466727-1290568425-2328592285-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll [No File]
FF Plugin HKU\S-1-5-21-2843466727-1290568425-2328592285-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default [2018-06-22]
CHR Extension: (Minimal White) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcbojcafbggjenbeflknhfimpcikmlc [2018-04-18]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2018-04-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Martina\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-04-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-04-30] (Kaspersky Lab ZAO)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-12-14] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-05-30] (Check Point Software Technologies Ltd.)
U3 al6is7na; C:\Windows\System32\Drivers\al6is7na.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-22 05:55 - 2018-06-22 05:55 - 000000000 ____D C:\Users\Martina\Desktop\FRST-OlderVersion
2018-06-08 05:28 - 2018-06-08 05:28 - 007271632 _____ (Malwarebytes) C:\Users\Martina\Desktop\AdwCleaner.exe
2018-06-07 19:49 - 2018-06-07 19:50 - 000039074 _____ C:\Users\Martina\Desktop\Addition.txt
2018-06-07 19:48 - 2018-06-22 11:04 - 000014830 _____ C:\Users\Martina\Desktop\FRST.txt
2018-06-07 19:47 - 2018-06-22 05:56 - 000000000 ____D C:\FRST
2018-06-07 19:45 - 2018-06-22 05:55 - 002412544 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2018-06-07 19:41 - 2018-06-07 19:41 - 000001063 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2018-06-07 19:41 - 2018-06-07 19:41 - 000000979 _____ C:\Users\Public\Desktop\BlackBerry Blend.lnk
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\Program Files (x86)\Research In Motion
2018-06-07 19:41 - 2018-06-07 19:41 - 000000000 ____D C:\Program Files (x86)\BlackBerry
2018-06-04 16:48 - 2018-06-04 16:48 - 000000000 ____D C:\Users\Martina\Documents\BlackBerry
2018-06-04 16:39 - 2018-06-04 16:39 - 000000000 ____D C:\Users\Martina\AppData\Roaming\XCPCSync.OEM
2018-06-04 16:39 - 2018-06-04 16:39 - 000000000 ____D C:\Users\Martina\AppData\Roaming\Research In Motion
2018-06-03 18:27 - 2018-06-03 18:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2018-06-03 18:26 - 2018-06-03 18:26 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_blackberryncm6_AMD64_01007.Wdf
2018-06-03 18:21 - 2018-06-04 16:38 - 000000000 ____D C:\Users\Martina\AppData\Local\BlackBerry
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____D C:\Users\Martina\AppData\Local\Research In Motion
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____D C:\ProgramData\Research In Motion
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 _____ C:\Windows\SysWOW64\out.txt
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 _____ C:\Windows\SysWOW64\err.txt
2018-06-03 18:19 - 2012-12-10 15:48 - 000044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2018-05-27 05:42 - 2018-05-27 05:45 - 000000000 ____D C:\Users\Martina\Desktop\všechny fotky

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-22 07:13 - 2013-02-22 10:43 - 000003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{52769474-5BFB-44A6-A263-FAB3A2FC0A31}
2018-06-22 06:01 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-22 06:01 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-22 05:54 - 2014-08-20 18:54 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-06-22 05:54 - 2012-09-14 23:31 - 000000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-06-22 05:53 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-21 17:29 - 2018-04-29 08:17 - 000000000 ____D C:\Users\Martina\Desktop\07
2018-06-20 10:21 - 2018-04-17 16:45 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-14 05:25 - 2012-09-16 14:05 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-07 19:40 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-07 19:34 - 2011-11-25 11:44 - 000000000 ____D C:\Users\UpdatusUser
2018-06-07 19:26 - 2015-06-21 16:12 - 000000000 ____D C:\Users\Martina\AppData\Roaming\Battle.net
2018-06-07 05:49 - 2011-11-25 12:24 - 000669132 _____ C:\Windows\system32\perfh005.dat
2018-06-07 05:49 - 2011-11-25 12:24 - 000141760 _____ C:\Windows\system32\perfc005.dat
2018-06-07 05:49 - 2009-07-14 07:13 - 001584626 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-06 17:53 - 2015-05-07 00:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-06 17:53 - 2012-09-14 18:49 - 000000000 ____D C:\Users\Martina
2018-06-06 17:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-06-06 17:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\AppCompat
2018-06-05 19:05 - 2018-04-21 08:40 - 000000000 ____D C:\Záloha dat

==================== Files in the root of some directories =======

2015-11-08 18:07 - 2015-11-08 18:07 - 001503872 _____ (Skype Technologies S.A.) C:\Users\Martina\SkypeSetup.exe
2015-12-04 23:31 - 2015-12-04 23:40 - 517121104 _____ (Image-Line) C:\Program Files (x86)\flstudio_12.1.3.exe
2012-11-02 09:46 - 2012-11-02 09:55 - 000004608 _____ () C:\Users\Martina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-04-18 16:48 - 2018-04-18 16:48 - 000007606 _____ () C:\Users\Martina\AppData\Local\Resmon.ResmonCfg
2013-01-08 00:17 - 2013-01-08 00:17 - 000001048 _____ () C:\Users\Martina\AppData\Local\SRDownloader.nast

Some files in TEMP:
====================
2014-05-07 10:36 - 2014-05-07 10:36 - 000000000 ____D () C:\Users\Kubík\AppData\Local\Temp\avgnt.exe
2013-10-27 09:01 - 2014-02-21 19:36 - 000027411 _____ () C:\Users\Kubík\AppData\Local\Temp\i4jdel0.exe
2013-07-04 17:59 - 2013-08-23 21:15 - 031954536 _____ (Skype Technologies S.A.) C:\Users\Kubík\AppData\Local\Temp\SkypeSetup.exe
2018-06-03 16:11 - 2018-06-03 16:13 - 160815464 _____ (BlackBerry) C:\Users\Martina\AppData\Local\Temp\BlackBerryDesktopSoftware.exe
2018-06-03 16:10 - 2015-04-01 20:42 - 073521000 ____R (Research In Motion Ltd. ) C:\Users\Martina\AppData\Local\Temp\BlackBerryDeviceManager.exe
2015-04-01 20:42 - 2015-04-01 20:42 - 002423032 ____R () C:\Users\Martina\AppData\Local\Temp\BlackBerryLauncher.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-17 08:22

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: F - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {23339a6c-436e-11e2-b9d6-60d819275a33} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {7300759f-6715-11e8-b0c4-922b43299972} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\MountPoints2: {de2348df-8364-11e4-a484-dd39615bce6f} - E:\SETUP.EXE
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2843466727-1290568425-2328592285-1001 -> {54969CDB-1680-4A04-B168-63F31613986E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2843466727-1290568425-2328592285-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll [No File]
FF Plugin HKU\S-1-5-21-2843466727-1290568425-2328592285-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Users\Martina\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm.crx <not found>
S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited)
U3 al6is7na; C:\Windows\System32\Drivers\al6is7na.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Users\Martina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Kubík\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Martina (administrator) on MARTINA-PC (24-06-2018 13:41:37)
Running from C:\Users\Martina\Desktop
Loaded Profiles: Martina (Available Profiles: UpdatusUser & Martina & Kubík)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2011-01-06] (Acer Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4861688 2015-03-19] (BlackBerry Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-25] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [203072 2011-10-25] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2795CCB6-9819-43D6-867F-3FF1C78D642A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ED9F1939-81BD-440E-8601-5717BD31DE8E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-2843466727-1290568425-2328592285-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.cz/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default [2018-06-24]
CHR Extension: (Minimal White) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcbojcafbggjenbeflknhfimpcikmlc [2018-04-18]
CHR Extension: (BB10 / PlayBook App Manager) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2018-04-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1354488 2015-03-19] (BlackBerry Limited)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-04-30] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-04-30] (Kaspersky Lab ZAO)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-12-14] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-05-30] (Check Point Software Technologies Ltd.)
U3 a8pqcca5; C:\Windows\System32\Drivers\a8pqcca5.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-24 13:39 - 2018-06-24 13:39 - 000008551 _____ C:\Users\Martina\Desktop\Fixlog.txt
2018-06-24 13:38 - 2018-06-24 13:38 - 000000000 _____ C:\Users\Martina\Desktop\Nový textový dokument (3).txt
2018-06-22 19:58 - 2018-06-22 19:58 - 000001063 _____ C:\Users\Public\Desktop\BlackBerry Link.lnk
2018-06-22 19:58 - 2018-06-22 19:58 - 000000979 _____ C:\Users\Public\Desktop\BlackBerry Blend.lnk
2018-06-22 19:58 - 2018-06-22 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
2018-06-22 19:58 - 2018-06-22 19:58 - 000000000 ____D C:\Program Files (x86)\BlackBerry
2018-06-22 19:57 - 2018-06-22 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
2018-06-22 19:57 - 2018-06-22 19:57 - 000000000 ____D C:\Program Files (x86)\Research In Motion
2018-06-22 05:55 - 2018-06-22 05:55 - 000000000 ____D C:\Users\Martina\Desktop\FRST-OlderVersion
2018-06-08 05:28 - 2018-06-08 05:28 - 007271632 _____ (Malwarebytes) C:\Users\Martina\Desktop\AdwCleaner.exe
2018-06-07 19:49 - 2018-06-22 11:05 - 000038663 _____ C:\Users\Martina\Desktop\Addition.txt
2018-06-07 19:48 - 2018-06-24 13:42 - 000011055 _____ C:\Users\Martina\Desktop\FRST.txt
2018-06-07 19:47 - 2018-06-24 13:41 - 000000000 ____D C:\FRST
2018-06-07 19:45 - 2018-06-22 05:55 - 002412544 _____ (Farbar) C:\Users\Martina\Desktop\FRST64.exe
2018-06-04 16:48 - 2018-06-04 16:48 - 000000000 ____D C:\Users\Martina\Documents\BlackBerry
2018-06-04 16:39 - 2018-06-04 16:39 - 000000000 ____D C:\Users\Martina\AppData\Roaming\XCPCSync.OEM
2018-06-04 16:39 - 2018-06-04 16:39 - 000000000 ____D C:\Users\Martina\AppData\Roaming\Research In Motion
2018-06-03 18:27 - 2018-06-03 18:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2018-06-03 18:26 - 2018-06-03 18:26 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_blackberryncm6_AMD64_01007.Wdf
2018-06-03 18:21 - 2018-06-04 16:38 - 000000000 ____D C:\Users\Martina\AppData\Local\BlackBerry
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____D C:\Users\Martina\AppData\Local\Research In Motion
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 ____D C:\ProgramData\Research In Motion
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 _____ C:\Windows\SysWOW64\out.txt
2018-06-03 18:19 - 2018-06-03 18:19 - 000000000 _____ C:\Windows\SysWOW64\err.txt
2018-06-03 18:19 - 2012-12-10 15:48 - 000044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2018-05-27 05:42 - 2018-05-27 05:45 - 000000000 ____D C:\Users\Martina\Desktop\všechny fotky

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-24 13:41 - 2013-02-14 18:32 - 000666112 ___SH C:\Users\Martina\Desktop\Thumbs.db
2018-06-24 13:41 - 2012-09-14 23:31 - 000000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-06-24 13:40 - 2014-08-20 18:54 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-06-24 13:40 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-24 13:39 - 2012-11-29 21:25 - 000000000 ____D C:\Users\Martina\AppData\LocalLow\Temp
2018-06-24 13:36 - 2013-02-22 10:43 - 000003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{52769474-5BFB-44A6-A263-FAB3A2FC0A31}
2018-06-24 12:02 - 2018-04-29 08:17 - 000000000 ____D C:\Users\Martina\Desktop\07
2018-06-24 10:07 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-24 10:07 - 2009-07-14 06:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-22 19:57 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-06-20 10:21 - 2018-04-17 16:45 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-06-14 05:25 - 2012-09-16 14:05 - 000002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-07 19:34 - 2011-11-25 11:44 - 000000000 ____D C:\Users\UpdatusUser
2018-06-07 19:26 - 2015-06-21 16:12 - 000000000 ____D C:\Users\Martina\AppData\Roaming\Battle.net
2018-06-07 05:49 - 2011-11-25 12:24 - 000669132 _____ C:\Windows\system32\perfh005.dat
2018-06-07 05:49 - 2011-11-25 12:24 - 000141760 _____ C:\Windows\system32\perfc005.dat
2018-06-07 05:49 - 2009-07-14 07:13 - 001584626 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-06 17:53 - 2015-05-07 00:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-06 17:53 - 2012-09-14 18:49 - 000000000 ____D C:\Users\Martina
2018-06-06 17:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\registration
2018-06-06 17:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\AppCompat
2018-06-05 19:05 - 2018-04-21 08:40 - 000000000 ____D C:\Záloha dat

==================== Files in the root of some directories =======

2015-11-08 18:07 - 2015-11-08 18:07 - 001503872 _____ (Skype Technologies S.A.) C:\Users\Martina\SkypeSetup.exe
2015-12-04 23:31 - 2015-12-04 23:40 - 517121104 _____ (Image-Line) C:\Program Files (x86)\flstudio_12.1.3.exe
2018-04-18 16:48 - 2018-04-18 16:48 - 000007606 _____ () C:\Users\Martina\AppData\Local\Resmon.ResmonCfg
2013-01-08 00:17 - 2013-01-08 00:17 - 000001048 _____ () C:\Users\Martina\AppData\Local\SRDownloader.nast

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-17 08:22

==================== End of FRST.txt ============================

Chtěl jsem sice obsah souboru fixlog.txt, z logu ale vidím, že bylo smazáno. Nastala nějaká změna?

Děkuji za pomoc
Bohužel, rozdíl není patrný,využití paměti stále kolem 50%, asi tu bude souvislost s tou BB link/blend.

BB jsme odstranili (viz. fixlog). Ještě vyčistíme prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.