CPU load caused by the svchost.exe process

Lucyk
Visitor
Posts: 7
Registered: 14 Jul 2016 16:35

#1 Post by Lucyk »

Hello,
I have noticed the svchost.exe process loading the CPU to about 50%.

So please check the log and give me any advice you may have.

Thank you

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:32:25, on 14.7.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16789)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Users\Uživatel\Desktop\ProcessExplorer\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Uživatel\Desktop\HiJackThis.exe
C:\Users\UIVATE~1\AppData\Local\Temp\nswAEF6.tmp\setupHiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8196 bytes

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU load caused by the svchost.exe process

#2 Post by Rudy »

Hello!
Please post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis is already past its prime.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


#3 Post by Lucyk »

So I tried every possible way, including restarting the laptop, and I can't manage to download FRSTLauncher :(


#4 Post by Rudy »

Then try just FRST on its own.


#5 Post by Lucyk »

Hello, here is the log from FRST on its own.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2016 02
Ran by Uživatel (administrator) on HP (15-07-2016 02:42:03)
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel (Available Profiles: Uživatel)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-391041014-788420946-166250655-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-391041014-788420946-166250655-1000\...\MountPoints2: {83107a3a-b267-11e4-966a-00247e560867} - F:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\..\Interfaces\{AEC252F4-DD9E-453E-9805-9DF7126FD13F}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-391041014-788420946-166250655-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-391041014-788420946-166250655-1000 -> {0552FC89-76A9-4C3C-8F8D-BD121032C4DD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-391041014-788420946-166250655-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27] (Hewlett-Packard Co.)
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-391041014-788420946-166250655-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\vz317551.default-1460598468185
FF Homepage: http://www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-avast.xml [2015-01-22]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.ru-190124.xml [2012-04-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ybqs-yandex.xml [2012-04-23]
FF Extension: Stop Ads - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\vz317551.default-1460598468185\Extensions\@stopads.xpi [2016-05-11]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\vz317551.default-1460598468185\Extensions\elemhidehelper@adblockplus.org.xpi [2016-05-04]
FF Extension: Adblock Plus - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\vz317551.default-1460598468185\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: Adblock Plus - C:\Program Files\Mozilla Firefox\browser\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-23] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-04-22] [not signed]
FF HKU\S-1-5-21-391041014-788420946-166250655-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-03]
CHR Extension: (Dokumenty Google) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-03]
CHR Extension: (Disk Google) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Vyhledávání Google) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Tabulky Google) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-08]
CHR Extension: (Gmail) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 yksvc; C:\Windows\System32\yk60x86.dll [282624 2009-07-17] (Marvell)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-11-26] (Samsung Electronics) [File not signed]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 ISODrive; \??\C:\Users\Uživatel\Desktop\Ultra_iso_portable\UltraISOPortable\UltraISO\drivers\ISODrive.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 02:42 - 2016-07-15 02:43 - 00016932 _____ C:\Users\Uživatel\Desktop\FRST.txt
2016-07-15 02:40 - 2016-07-15 02:42 - 00000000 ____D C:\FRST
2016-07-14 19:25 - 2016-07-14 19:25 - 01741312 _____ (Farbar) C:\Users\Uživatel\Desktop\FRST.exe
2016-07-13 17:31 - 2016-07-13 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-07-13 17:28 - 2016-07-14 03:02 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2016-07-11 16:39 - 2016-07-14 15:00 - 00099921 _____ C:\Users\Uživatel\Desktop\navrh_db.xlsx
2016-07-10 18:31 - 2016-07-12 05:15 - 00038952 _____ C:\Users\Uživatel\Desktop\hc2_tab.php
2016-07-09 02:59 - 2016-07-13 04:48 - 00000000 ____D C:\Users\Uživatel\Desktop\logo
2016-07-06 10:27 - 2016-07-06 11:02 - 00044423 _____ C:\Users\Uživatel\Desktop\hc4.txt
2016-07-05 09:58 - 2016-07-05 10:18 - 00033047 _____ C:\Users\Uživatel\Desktop\hc2 - Kopie (2).php
2016-07-03 01:02 - 2016-07-03 01:03 - 00000000 ____D C:\Users\Uživatel\Documents\Visual Studio 2008
2016-07-01 18:12 - 2016-07-01 18:13 - 14013543 _____ C:\Users\Uživatel\Desktop\Podpisová Karta - be4design.psd
2016-06-28 18:30 - 2016-07-07 05:59 - 00000000 ____D C:\Users\Uživatel\Desktop\LN_AJ
2016-06-27 16:49 - 2016-06-27 08:54 - 00024418 _____ C:\Users\Uživatel\Desktop\DS.xlsx
2016-06-15 21:29 - 2016-05-18 17:33 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 21:29 - 2016-05-12 16:21 - 02071040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 21:28 - 2016-05-10 17:31 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 21:28 - 2016-05-10 17:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 21:28 - 2016-05-10 17:31 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 21:28 - 2016-05-10 16:28 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 21:28 - 2016-05-10 16:28 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 21:27 - 2016-05-12 17:34 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 21:27 - 2016-05-12 17:34 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 21:27 - 2016-05-12 17:34 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 21:27 - 2016-05-12 17:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 21:27 - 2016-05-12 17:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 21:27 - 2016-05-12 17:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 21:26 - 2016-05-12 16:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 21:23 - 2016-05-14 17:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2016-06-15 21:22 - 2016-05-14 17:47 - 00306408 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 21:22 - 2016-05-14 17:41 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 21:22 - 2016-05-14 17:41 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 21:22 - 2016-05-14 16:19 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 21:22 - 2016-05-14 16:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 21:22 - 2016-05-14 16:18 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 21:22 - 2016-05-11 15:09 - 00440552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 21:11 - 2016-05-12 21:11 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 21:11 - 2016-05-12 21:10 - 12840960 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 21:11 - 2016-05-12 21:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 21:11 - 2016-05-12 21:06 - 09755136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 21:11 - 2016-05-12 21:06 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 21:11 - 2016-05-12 21:05 - 01129984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 21:11 - 2016-05-12 21:04 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 21:11 - 2016-05-12 21:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 21:11 - 2016-05-12 21:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 21:11 - 2016-05-12 21:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 21:11 - 2016-05-12 21:04 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 21:11 - 2016-05-12 21:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-06-15 21:11 - 2016-05-12 21:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 21:11 - 2016-05-12 21:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 21:11 - 2016-05-12 21:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-06-15 21:11 - 2016-05-12 21:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 21:11 - 2016-05-12 21:03 - 00354304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 21:11 - 2016-05-12 21:03 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 21:11 - 2016-05-12 21:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 21:11 - 2016-05-12 21:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 21:11 - 2016-05-12 21:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-06-15 21:11 - 2016-05-12 21:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-15 02:08 - 2011-04-21 15:02 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-15 02:07 - 2012-03-31 16:18 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-14 19:38 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-14 19:38 - 2006-11-02 14:47 - 00004240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-14 19:38 - 2006-11-02 14:47 - 00004240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-14 19:37 - 2011-04-21 14:12 - 00000012 _____ C:\Windows\bthservsdp.dat
2016-07-14 19:37 - 2006-11-02 15:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-14 18:07 - 2012-09-03 19:09 - 00088129 _____ C:\Users\Uživatel\Desktop\PHA.xlsx
2016-07-14 05:36 - 2015-02-08 16:12 - 00265614 _____ C:\Users\Uživatel\Desktop\pl.xlsx
2016-07-14 02:11 - 2011-04-21 15:14 - 00002635 _____ C:\Users\Uživatel\Desktop\Microsoft Office Word 2007.lnk
2016-07-13 19:33 - 2011-04-21 15:13 - 00034304 _____ C:\Users\Uživatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-13 18:15 - 2016-06-03 18:12 - 00000000 ____D C:\Users\Uživatel\Desktop\TREASURES
2016-07-13 16:58 - 2016-06-07 18:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-13 16:58 - 2016-04-03 16:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-13 16:58 - 2011-04-22 18:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-13 04:45 - 2012-03-31 16:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-13 04:45 - 2011-06-16 05:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-13 04:45 - 2011-04-21 15:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 04:41 - 2011-06-08 18:54 - 00000132 _____ C:\Users\Uživatel\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2016-07-11 05:21 - 2009-04-13 11:32 - 01715816 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-11 05:21 - 2009-04-13 11:31 - 00710870 _____ C:\Windows\system32\perfh005.dat
2016-07-11 05:21 - 2009-04-13 11:31 - 00162006 _____ C:\Windows\system32\perfc005.dat
2016-07-11 05:20 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\inf
2016-07-11 02:44 - 2013-08-10 06:15 - 00000000 ____D C:\Windows\system32\MRT
2016-07-11 02:31 - 2006-11-02 12:24 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-07-10 12:14 - 2013-02-23 19:00 - 00000000 ____D C:\Users\Uživatel\AppData\Roaming\.purple
2016-07-09 16:46 - 2011-04-21 15:20 - 00002549 _____ C:\Users\Uživatel\Desktop\Microsoft Office Excel 2007.lnk
2016-07-07 05:35 - 2016-03-09 18:21 - 00000000 ____D C:\Users\Uživatel\Desktop\db_2
2016-07-07 02:39 - 2011-04-21 17:30 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-05 15:23 - 2016-05-09 04:43 - 00037711 _____ C:\Users\Uživatel\Desktop\hc2.php
2016-07-04 18:59 - 2016-05-03 17:45 - 00000000 ____D C:\Users\Uživatel\Documents\Scan
2016-07-04 15:15 - 2016-06-11 18:19 - 00006355 _____ C:\Users\Uživatel\Desktop\sezn_.txt
2016-07-03 01:04 - 2011-04-21 15:05 - 00000000 ____D C:\Users\Uživatel\AppData\Local\Microsoft Help
2016-06-30 15:04 - 2016-04-03 04:45 - 00000000 ____D C:\Users\Uživatel\Desktop\naweb
2016-06-27 05:55 - 2011-04-21 15:24 - 00000000 ____D C:\Users\Uživatel\Documents\Lucka
2016-06-26 05:27 - 2016-06-08 17:14 - 00000000 ____D C:\Users\Uživatel\Desktop\HIDDEN
2016-06-25 15:21 - 2016-05-21 09:08 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-06-25 15:21 - 2012-03-02 08:38 - 00000000 ____D C:\ProgramData\VMware
2016-06-25 15:16 - 2012-03-02 08:50 - 00000000 ____D C:\Users\Uživatel\AppData\Roaming\VMware
2016-06-25 15:15 - 2012-03-02 08:50 - 00000000 ____D C:\Users\Uživatel\AppData\Local\VMware
2016-06-23 17:23 - 2011-05-17 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-16 04:53 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2016-06-15 21:38 - 2006-11-02 14:47 - 03748864 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2016-01-24 17:02 - 2016-01-24 17:02 - 0000132 _____ () C:\Users\Uživatel\AppData\Roaming\Adobe Formát AIFF CS5 – předvolby
2012-05-22 04:57 - 2012-05-22 04:57 - 0000132 _____ () C:\Users\Uživatel\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
2012-05-25 01:56 - 2015-08-15 17:24 - 0000132 _____ () C:\Users\Uživatel\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2011-06-08 18:54 - 2016-07-13 04:41 - 0000132 _____ () C:\Users\Uživatel\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Uživatel\AppData\Roaming\HpCBNsg
2012-11-16 06:22 - 2012-11-16 06:22 - 0087608 _____ () C:\Users\Uživatel\AppData\Roaming\inst.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Uživatel\AppData\Roaming\kWnd6rycWENv7kTL
2012-11-16 06:22 - 2012-11-16 06:22 - 0007887 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.cat
2012-11-16 06:22 - 2012-11-16 06:22 - 0001144 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.inf
2012-11-16 06:23 - 2012-11-16 06:23 - 0000034 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.log
2012-11-16 06:22 - 2012-11-16 06:22 - 0047360 _____ (VSO Software) C:\Users\Uživatel\AppData\Roaming\pcouffin.sys
2012-03-03 14:49 - 2012-03-03 14:49 - 0031007 _____ () C:\Users\Uživatel\AppData\Roaming\UserTile.png
2012-11-16 06:24 - 2013-08-04 17:38 - 0000671 _____ () C:\Users\Uživatel\AppData\Roaming\vso_ts_preview.xml
2016-04-08 18:15 - 2016-05-21 02:25 - 0000600 _____ () C:\Users\Uživatel\AppData\Roaming\winscp.rnd
2011-04-21 14:43 - 2011-04-21 14:43 - 0000000 _____ () C:\Users\Uživatel\AppData\Local\AtStart.txt
2011-04-21 14:18 - 2016-03-26 02:39 - 0006944 _____ () C:\Users\Uživatel\AppData\Local\d3d9caps.dat
2011-04-21 15:13 - 2016-07-13 19:33 - 0034304 _____ () C:\Users\Uživatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-21 14:43 - 2011-04-21 14:43 - 0000000 _____ () C:\Users\Uživatel\AppData\Local\DSwitch.txt
2012-05-08 16:46 - 2014-12-17 05:40 - 0004096 ____H () C:\Users\Uživatel\AppData\Local\keyfile3.drm
2011-04-21 14:43 - 2011-04-21 14:43 - 0000000 _____ () C:\Users\Uživatel\AppData\Local\QSwitch.txt
2012-08-21 18:51 - 2012-08-21 18:51 - 0000008 __RSH () C:\ProgramData\42E7AC5A07.sys
2011-04-22 18:57 - 2011-05-14 14:04 - 0001959 _____ () C:\ProgramData\hpzinstall.log
2012-08-21 18:51 - 2012-08-21 19:08 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Uživatel\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Uživatel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Uživatel\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-14 19:46

==================== End of FRST.txt ============================
Attachments
FRST_Add.zip
(11.49 KiB) Downloaded 81 times

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU load caused by the svchost.exe process

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-391041014-788420946-166250655-1000\...\MountPoints2: {83107a3a-b267-11e4-966a-00247e560867} - F:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-391041014-788420946-166250655-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
U4 eabfiltr; no ImagePath
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Uživatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\42E7AC5A07.sys
C:\ProgramData\KGyGaAvL.sys
C:\Users\Uživatel\AppData\Local\Temp
Task: {17F85D26-7A5D-49BD-89E6-9AE439EB96E0} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {4E1FFF15-0BBC-494A-BA9C-F3B72F75F859} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: C:\Windows\Tasks\HpCBNsg.job => C:\Users\Uživatel\AppData\Roaming\HpCBNsg.exe <==== ATTENTION
Task: C:\Windows\Tasks\kWnd6rycWENv7kTL.job => C:\Users\Uživatel\AppData\Roaming\kWnd6rycWENv7kTL.exe <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Lucyk
Visitor
Posts: 7
Joined: 14 Jul 2016 16:35

Re: CPU load caused by the svchost.exe process

#7 Post by Lucyk »

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-07-2016
Ran by Uživatel (2016-07-17 09:33:27) Run:1
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel (Available Profiles: Uživatel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-391041014-788420946-166250655-1000\...\MountPoints2: {83107a3a-b267-11e4-966a-00247e560867} - F:\LG_PC_Programs.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File
Toolbar: HKU\S-1-5-21-391041014-788420946-166250655-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
U4 eabfiltr; no ImagePath
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Uživatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\42E7AC5A07.sys
C:\ProgramData\KGyGaAvL.sys
C:\Users\Uživatel\AppData\Local\Temp
Task: {17F85D26-7A5D-49BD-89E6-9AE439EB96E0} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {4E1FFF15-0BBC-494A-BA9C-F3B72F75F859} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: C:\Windows\Tasks\HpCBNsg.job => C:\Users\Uživatel\AppData\Roaming\HpCBNsg.exe <==== ATTENTION
Task: C:\Windows\Tasks\kWnd6rycWENv7kTL.job => C:\Users\Uživatel\AppData\Roaming\kWnd6rycWENv7kTL.exe <==== ATTENTION
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
"HKU\S-1-5-21-391041014-788420946-166250655-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83107a3a-b267-11e4-966a-00247e560867}" => key removed successfully.
HKCR\CLSID\{83107a3a-b267-11e4-966a-00247e560867} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} => value removed successfully.
HKCR\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6} => key not found.
HKU\S-1-5-21-391041014-788420946-166250655-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
eabfiltr => service removed successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Users\Uživatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\42E7AC5A07.sys => moved successfully
C:\ProgramData\KGyGaAvL.sys => moved successfully

"C:\Users\Uživatel\AppData\Local\Temp" folder move:

Could not move "C:\Users\Uživatel\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17F85D26-7A5D-49BD-89E6-9AE439EB96E0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17F85D26-7A5D-49BD-89E6-9AE439EB96E0}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E1FFF15-0BBC-494A-BA9C-F3B72F75F859}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E1FFF15-0BBC-494A-BA9C-F3B72F75F859}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found.
C:\Windows\Tasks\HpCBNsg.job => moved successfully
C:\Windows\Tasks\kWnd6rycWENv7kTL.job => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-17 09:37:17)

C:\Users\Uživatel\AppData\Local\Temp => moved successfully

==== End of Fixlog 09:37:19 ====

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU load caused by the svchost.exe process

#8 Post by Rudy »

Deleted. Has anything changed?

Lucyk
Visitor
Posts: 7
Joined: 14 Jul 2016 16:35

Re: CPU load caused by the svchost.exe process

#9 Post by Lucyk »

Hello, everything seems to be fine now. Thank you for your help. Is any further cleanup still needed? The FRST folder is still on my laptop; can I delete it as administrator?

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU load caused by the svchost.exe process

#10 Post by Rudy »

Delete FRST and everything it created.