
ESET Online Scanner finds 8 threats but does not finish - bluescreen

#1 Post by Bary.Jan »

Hello,
I got my hands on a Dell Studio notebook that used to be my mom's.
It does work, but it was quite badly cluttered. Every so often a blue screen appeared, and Windows reported an illegal copy (7 Home Premium; I have no idea how it was installed, I remember Windows Vista). (I tried using an activator, but after that the computer froze even more and seemed to have all connections to Microsoft blocked; updates, Defender, nothing worked.)
First I used Malwarebytes Anti-Malware, which found about 120 problems after the first scan (I don't have the log), then I used CCleaner and after that ESET Online Scanner. Several times the computer froze, threw a bluescreen and restarted. On about the fifth attempt I managed to let it run to about 96%, but then it stopped responding anyway and the computer subsequently crashed to a bluescreen.
I tried downloading and installing the ESET Smart Security Premium trial and ran the initial scan, but it found nothing.
I am attaching the RSIT log here:

Logfile of random's system information tool 1.14 (written by random/random)
Run by Eliška at 2016-11-15 12:57:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 142 GB (47%) free of 305 GB
Total RAM: 4091 MB (40% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:16, on 15.11.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18450)
Boot mode: Normal

Running processes:
C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\SAMSUNG\Kies\Kies.exe
C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files (x86)\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\Windows\SysWOW64\wscript.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Eliška_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKLM\..\Run: [final] wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [final] wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: final.vbs
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: mcserver.lnk = C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11887 bytes

======Enumerating Processes======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Fingerprint Sensor\AtService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
C:\Windows\system32\taskhost.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Windows\System32\WLTRAY.EXE"
"C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"C:\Program Files (x86)\SAMSUNG\Kies\Kies.exe" /preload
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
C:\Windows\SysWOW64\cmd.exe
\??\C:\Windows\system32\conhost.exe "-1746993765-77033326217116382831496210322-13385187221191857300811264375299683382
C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
"C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\SAMSUNG\Kies\KiesTrayAgent.exe"
"C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" /logon
"C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe"
C:\Windows\SysWOW64\wscript.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\sppsvc.exe
C:\Windows\splwow64.exe 8192
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
C:\Program Files\DellTPad\Apntex.exe
\??\C:\Windows\system32\conhost.exe "-2007033178-1980771827-1278635988175956847619669052461456683004-94904030-1414895642
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE"
"C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe" /MainProcess 1904 /PrinterName "Canon MG3500 series Printer" /ScannerName "Canon MG3500 series" /Language cs-CZ /Startup
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe" -f="SM_CreateListBG"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe" http://java.com/verify9/?src=install
C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 "--database=C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=54.0.2840.71 --handshake-handle=0x9c
C:\Windows\system32\taskhost.exe
"C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe"
"C:\Program Files\ESET\ESET Smart Security Premium\egui.exe" /hide
C:\Windows\system32\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\AUDIODG.EXE 0xa88
"C:\Users\Eliška\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job - C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe --uninstall=1
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job - C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job - C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4.job - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46.job - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe online update program - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv - C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe --uninstall=1
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core - C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA - C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Google Updater and Installer - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4 - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46 - C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Java Update Scheduler - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\tasks\Launch HTC Sync Loader - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup
C:\Windows\system32\tasks\{05A4A8B2-B57B-4AA8-B68A-29A7B53217B9} - C:\Windows\system32\pcalua.exe -a C:\Users\Eliška\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
C:\Windows\system32\tasks\{38177F14-8DEA-48AB-ACAA-D6717578CE04} - "c:\users\eliška\appdata\local\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.20.0.104/cs/ ... age=tsMain
C:\Windows\system32\tasks\{3BBE9C39-A751-4314-8BF5-D2E6561EA6F1} - C:\Windows\system32\pcalua.exe -a C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4\ScannerWizard.exe -d C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4
C:\Windows\system32\tasks\{993806C8-B561-44E4-B466-C1068D20A484} - C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\TubeSaver-1\Uninstall.exe" -c /fromcontrolpanel=1
C:\Windows\system32\tasks\{B523F393-A29A-469A-85C2-320DBBFAB1A4} - "c:\users\eliška\appdata\local\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/6.16.0.105/cs/ ... age=tsMain
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2426440832-341668823-1581636725-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\Nero\Nero Info - C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe -shedul
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows Defender\MpIdleTask - c:\program files\windows defender\MpCmdRun.exe -IdleTask -TaskName MpIdleTask
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeReminderTime
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime - %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeTime
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess - %windir%\system32\GWX\GWX.exe /tasklaunch
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\rundetector - %windir%\system32\GWX\GWXDetector.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.malwarebytes.org/restorebro ... 0715&SSPV="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.111.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\searchplugins\
bingp.xml

C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\addons.json
Skype - extension - {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\extensions.json
Bytemobile Optimization Client - extension - ff-bmboc@bytemobile.com - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Skype Click to Call - extension - {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\pluginreg.dat
Plugin - Shockwave Flash - 20.0.0.235 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll
Plugin - Google Update - 1.3.29.1 - C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
Plugin - Google Update - 1.3.29.1 - C:\Users\Eliška\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll
Plugin - Adobe Acrobat - 11.0.13.17 - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
Plugin - Adobe Acrobat - 11.0.13.17 - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Plugin - DivX Plus Web Player - 3.2.4.1250 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Plugin - Facebook Video Calling Plugin - 3.1.0.521 - C:\Users\Eliška\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
Plugin - Java(TM) Platform SE 7 U65 - 10.65.2.20 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
Plugin - Java Deployment Toolkit 7.0.650.20 - 10.65.2.20 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
Plugin - DivX VOD Helper Plug-in - 1.1.0.14 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
Plugin - VLC Web Plugin - 2.1.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Plugin - Google Earth Plugin - 7.1.2.2041 - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Plugin - QuickTime Plug-in 7.7.4 - 7.7.4.0 - C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
Plugin - QuickTime Plug-in 7.7.4 - 7.7.4.0 - C:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
Plugin - QuickTime Plug-in 7.7.4 - 7.7.4.0 - C:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
Plugin - QuickTime Plug-in 7.7.4 - 7.7.4.0 - C:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
Plugin - QuickTime Plug-in 7.7.4 - 7.7.4.0 - C:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
Plugin - CANON iMAGE GATEWAY Album Plugin Utility for IJ - 5.0.0.0 - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

=========Google Chrome=========

C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod 0.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 0 YouTube 4.2.8
Extension booedmolknjekdopkepjjeckmjkdpfgl 1 Extutil 0.1
Extension coobgpohoikkiipiblmjeljniedjpjpf 0 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ejjicmeblgpmajnghnpcppodonldlgfn 0 Kalendář Google 4.5.6
Extension ennkphjdgehloodpbhlhldgbnhmacadg Settings 0.2
Extension fcfenmboojpjinhpgggodefccipikbpd 2 MSN Homepage & Bing Search Engine 0.0.0.5
Extension flcpildhclihlpljpfpojindpglggkpd 0 MapsGalaxy 12.9.6.8621
Extension flpcjncodpafbgdpnkljologafpionhb 1 Managera 0.1
Extension fpmeembnagmagppkgghhfjfdfajdfcah 2 Linkey 1.0.0.5
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ikgjglmlehllifdekcggaapkaplbdpje 0 VideoDownloadConverter 12.202.10.30595
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 2 Skype Click to Call 7.2.15747.10003
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh Google Now 1.2.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 0 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Extension pljcgbedjplidkdjahbaalanadmjfgop 2 Ask Toolbar 32.3
Homepage: http://google.com/
default_search_provider.search_url:
C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-14 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-14 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-06-19 342528]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-01-27 500208]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-11-17 4119552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"Google Update"=C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
"Facebook Update"=C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-29 138096]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2014-05-28 1563440]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"final"=wscript.exe //B C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-09-28 8944344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files (x86)\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-05-28 310064]
"DivXMediaServer"=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2014-11-17 448856]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-04-02 1282632]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-01 1156824]
"ProductUpdater"=C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [2016-05-27 75776]
"final"=wscript.exe //B C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
mcserver.lnk - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe

C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
final.vbs
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-11-15 12:57:07 ----D---- C:\rsit
2016-11-15 12:57:07 ----D---- C:\Program Files\trend micro
2016-11-15 00:16:49 ----D---- C:\ProgramData\ESET
2016-11-15 00:16:49 ----D---- C:\Program Files\ESET
2016-11-13 20:15:40 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-11-13 20:15:01 ----D---- C:\ProgramData\Malwarebytes
2016-11-13 20:15:01 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-13 20:15:01 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-11-13 20:15:01 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-11-13 20:15:01 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-11-13 14:30:57 ----A---- C:\Windows\SYSWOW64\winver.exe
2016-11-13 14:30:57 ----A---- C:\Windows\SYSWOW64\user32.dll
2016-11-13 14:30:57 ----A---- C:\Windows\SYSWOW64\systemcpl.dll
2016-11-13 14:30:57 ----A---- C:\Windows\SYSWOW64\sppcomapi.dll
2016-11-13 14:30:57 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2016-11-13 12:42:49 ----D---- C:\Program Files (x86)\My Program
2016-10-28 14:44:52 ----D---- C:\912d2e4e024f32452e1d

======List of files/folders modified in the last 1 month======

2016-11-15 12:57:11 ----D---- C:\Windows\Temp
2016-11-15 12:57:07 ----RD---- C:\Program Files
2016-11-15 12:19:09 ----D---- C:\Windows\tracing
2016-11-15 00:18:55 ----D---- C:\Windows\system32\drivers
2016-11-15 00:18:55 ----D---- C:\Windows\inf
2016-11-15 00:18:49 ----D---- C:\Windows\system32\DriverStore
2016-11-15 00:18:37 ----SHD---- C:\Windows\Installer
2016-11-15 00:17:51 ----SHD---- C:\Config.Msi
2016-11-15 00:16:49 ----HD---- C:\ProgramData
2016-11-14 23:45:49 ----D---- C:\Windows\system32\config
2016-11-14 23:41:59 ----D---- C:\ProgramData\Oracle
2016-11-14 23:39:42 ----D---- C:\Program Files (x86)\Java
2016-11-14 23:39:36 ----D---- C:\Windows\SysWOW64
2016-11-14 23:37:09 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-11-14 23:26:58 ----D---- C:\Windows
2016-11-14 02:50:39 ----SHD---- C:\System Volume Information
2016-11-14 01:54:46 ----D---- C:\Windows\ModemLogs
2016-11-14 01:54:45 ----D---- C:\Windows\Minidump
2016-11-14 01:54:45 ----D---- C:\Windows\Logs
2016-11-14 01:54:45 ----D---- C:\Windows\debug
2016-11-14 01:46:13 ----D---- C:\Program Files\CCleaner
2016-11-13 20:57:24 ----D---- C:\Windows\System32
2016-11-13 20:57:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-11-13 20:47:34 ----D---- C:\Windows\Panther
2016-11-13 20:43:44 ----RD---- C:\Program Files (x86)
2016-11-13 20:43:44 ----D---- C:\ProgramData\APN
2016-11-13 12:39:47 ----D---- C:\Windows\AppPatch
2016-11-13 12:39:45 ----D---- C:\Windows\system32\Tasks
2016-11-13 12:37:16 ----D---- C:\Windows\system32\MRT
2016-11-13 12:21:28 ----AC---- C:\Windows\system32\MRT.exe
2016-10-31 23:24:56 ----D---- C:\Users\Eliška\AppData\Roaming\Skype
2016-10-28 17:38:38 ----D---- C:\Windows\Prefetch
2016-10-28 14:44:55 ----D---- C:\Windows\SoftwareDistribution
2016-10-28 01:47:59 ----RD---- C:\Program Files (x86)\Skype

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is not digitally signed
File C:\Windows\SysWOW64\User32.dll is not digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BMLoad;Bytemobile Boot Time Load Driver; C:\Windows\system32\drivers\BMLoad.sys [2009-12-15 16512]
R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2016-10-13 212096]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-10-13 232072]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-10-13 177792]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-10-13 76416]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-10-13 59528]
R1 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-10-13 91784]
R1 tcpipBM;Bytemobile Kernel Network Provider; \??\C:\Windows\system32\drivers\tcpipBM.sys [2009-12-15 39552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2009-06-25 67584]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2009-06-25 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2009-06-25 57856]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows XP/Vista x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-07-29 253488]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-08-17 734720]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-11-17 22520]
R3 BCM43XX;Ovladač bezdrátové karty Dell WLAN; C:\Windows\system32\DRIVERS\bcmwl664.sys [2008-11-17 1526776]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2016-03-10 81104]
R3 ITECIRfilter;ITECIR Filter Driver; C:\Windows\system32\DRIVERS\ITECIRfilter.sys [2016-03-10 36560]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-11-15 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S1 ewudvwsr;ewudvwsr; \??\C:\Windows\system32\drivers\ewudvwsr.sys []
S1 jmokswes;jmokswes; \??\C:\Windows\system32\drivers\jmokswes.sys []
S2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-10-13 48768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-04-24 129152]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-04-24 221824]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-10-01 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 ATService;AuthenTec Fingerprint Service; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [2009-08-16 1807608]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2016-10-11 2815520]
R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2016-05-27 108032]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2016-05-27 9216]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-07-18 762192]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-11-17 32768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-19 269504]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-09-01 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-20 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-25 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but doesn't finish-bluescr

#2 Post by altrok »

I wish you a lovely day :bye:


:arrow: Is your operating system legal?


:arrow: As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
  • click Scan (Skenovani), then Cleaning (Cisteni)
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit on the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but doesn't finish-bluescr

#3 Post by Bary.Jan »

I don't know whether the system is legal or not; my mother lived in Austria and I know that someone there looked after her computer and probably also installed W7 there...

Here is the AdwCleaner log:

# AdwCleaner v6.030 - Log soubor vytvořen 15/11/2016 na 16:05:28
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-15.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Eliška - ELIŠKA-PC
# Beží od : C:\Users\Eliška\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Adresáře ] *****

[-] Adresář smazán:C:\Users\Eliška\AppData\Local\apn
[-] Adresář smazán:C:\Users\Eliška\AppData\Local\genienext
[-] Adresář smazán:C:\Users\Eliška\AppData\Local\Rocket
[-] Adresář smazán:C:\Users\Eliška\AppData\Local\bvyvave
[-] Adresář smazán:C:\Users\Eliška\AppData\Roaming\PerformerSoft
[-] Adresář smazán:C:\Users\Eliška\AppData\Roaming\RHEng
[-] Adresář smazán:C:\ProgramData\apn
[-] Adresář smazán:C:\ProgramData\Babylon
[#] Adresář nelze smazat:C:\ProgramData\Application Data\apn
[#] Adresář nelze smazat:C:\ProgramData\Application Data\Babylon
[-] Adresář smazán:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Adresář smazán:C:\Program Files (x86)\Mobogenie
[-] Adresář smazán:C:\Program Files (x86)\myfree codec
[-] Adresář smazán:C:\Program Files (x86)\PANDORA.TV
[-] Adresář smazán:C:\Program Files (x86)\Common Files\freemake shared
[-] Adresář smazán:C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search


***** [ Soubory ] *****

[-] Soubor smazán:C:\Users\Eliška\daemonprocess.txt
[-] Soubor smazán:C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\invalidprefs.js
[-] Soubor smazán:C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] Soubor smazán:C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\searchplugins\bingp.xml
[#] Soubor smazán:C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] Soubor smazán:C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AVSAsyncBuffer.AVSVideoTimeShift.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AVSAsyncBuffer.UVideoTimeShift.1
[-] Klíč smazán:HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Klíč smazán:HKU\.DEFAULT\Software\AVG Secure Search
[-] Klíč smazán:HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\InstalledThirdPartyPrograms
[-] Klíč smazán:HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Myfree Codec
[-] Klíč smazán:HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Rocket Browser
[-] Klíč smazán:HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Softonic
[-] Klíč smazán:HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Klíč smazán:HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AVG Secure Search
[#] Klíč smazán po restartování:HKCU\Software\InstalledThirdPartyPrograms
[#] Klíč smazán po restartování:HKCU\Software\Myfree Codec
[#] Klíč smazán po restartování:HKCU\Software\Rocket Browser
[#] Klíč smazán po restartování:HKCU\Software\Softonic
[-] Klíč smazán:HKLM\SOFTWARE\Myfree Codec
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[#] Klíč smazán po restartování:[x64] HKCU\Software\InstalledThirdPartyPrograms
[#] Klíč smazán po restartování:[x64] HKCU\Software\Myfree Codec
[#] Klíč smazán po restartování:[x64] HKCU\Software\Rocket Browser
[#] Klíč smazán po restartování:[x64] HKCU\Software\Softonic
[-] Klíč smazán:[x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Klíč smazán:[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd


***** [ Prohlížeče ] *****

[-] Firefox nastavení vyčištěno:"browser.search.order.1" - "default-search.net"
[-] Firefox nastavení vyčištěno:"browser.startup.homepage" - "hxxps://www.malwarebytes.org/restorebrowser//?g ... 0715&SSPV="
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.autoRvrt" - "false"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.dfltLng" - "en"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.excTlbr" - false
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.ffxUnstlRst" - true
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.id" - "de12fddd0000000000000021708ebe22"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.instlDay" - "16084"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.instlRef" - "sst"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.newTab" - false
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.prdct" - "buenosearch"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.prtnrId" - "buenosearch"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.rvrt" - "false"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.smplGrp" - "none"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.tb_url" - "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 5&tsp=5127"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.tlbrId" - "base"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.tlbrSrchUrl" - "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 5&tsp=5127"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.vrsn" - "1.8.28.7"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.vrsnTs" - "1.8.28.721:48:51"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.vrsni" - "1.8.28.7"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.appId" - "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.instlDay" - "16084"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.vrsn" - "1.8.28.7"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.vrsni" - "1.8.28.7"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.vrsnTs" - "1.8.28.721:48:51"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.prtnrId" - "buenosearch"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.prdct" - "buenosearch"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.aflt" - "babsst"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.smplGrp" - "none"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.tlbrId" - "base"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.instlRef" - "sst"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.dfltLng" - "en"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.excTlbr" - false
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.ffxUnstlRst" - true
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.admin" - false
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.autoRvrt" - "false"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.rvrt" - "false"
[-] Firefox nastavení vyčištěno:"extensions.buenosearch.newTab" - false


*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10146 Bajtů] - [15/11/2016 16:05:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [12904 Bajtů] - [15/11/2016 15:38:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10296 Bajtů] ##########

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but doesn't finish-bluescr

#4 Post by altrok »

:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but doesn't finish-bluescr

#5 Post by Bary.Jan »

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Eliška (administrator) on ELIŠKA-PC (15-11-2016 17:59:32)
Running from C:\Users\Eliška\Desktop
Loaded Profiles: Eliška (Available Profiles: Eliška)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe
(AuthenTec, Inc.) C:\Program Files (x86)\Fingerprint Sensor\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security Premium\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Facebook Inc.) C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Samsung) C:\Program Files (x86)\SAMSUNG\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(ZTE) C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SAMSUNG\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [342528 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2012-01-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-11-17] (Dell Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [Google Update] => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [Facebook Update] => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-29] (Facebook Inc.)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [final] => wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: {bd882beb-58b4-11e1-8791-0021708ebe22} - E:\Startme.exe
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: {ed360ca6-c762-11e2-a782-0021708ebe22} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mcserver.lnk [2016-11-13]
ShortcutTarget: mcserver.lnk -> C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\mcserver.exe (ZTE)
Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()
Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-11-13]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52C58F0C-8388-455D-B348-F367F1635E90}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{76DE49D9-1C51-40BD-9DC7-DF7FC9753243}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?pc=UE12&ocid=UE12DHP
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> {984F4E3E-CF4D-48B9-B242-50E8083E1828} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_5
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-14] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-14] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default [2016-11-15]
FF user.js: detected! => C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\user.js [2016-11-15]
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\3w1zlmmx.default -> Bing
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-20] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon
FF Extension: (Bytemobile Optimization Client) - C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\addon [2012-07-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Eliška\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-2426440832-341668823-1581636725-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-24] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-09-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-09-19] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/en-us/?pc=__PARAM__&ocid=__PARAM__DHP
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid ... 0715&SSPV="
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Kalendář Google) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR Profile: C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eliška\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files (x86)\Fingerprint Sensor\AtService.exe [1807608 2009-08-16] (AuthenTec, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security Premium\ekrn.exe [2815520 2016-10-11] (ESET)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-05-27] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-05-27] (Ellora Assets Corp.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-11-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 BMLoad; C:\Windows\SysWOW64\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [232072 2016-10-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [212096 2016-10-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [177792 2016-10-13] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [48768 2016-10-13] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [76416 2016-10-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59528 2016-10-13] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [91784 2016-10-13] (ESET)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [36560 2016-03-10] (ITE Tech. Inc. )
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
R1 tcpipBM; C:\Windows\SysWOW64\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-11-02] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-11-02] (ZTE)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 ewudvwsr; \??\C:\Windows\system32\drivers\ewudvwsr.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S1 jmokswes; \??\C:\Windows\system32\drivers\jmokswes.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 17:59 - 2016-11-15 18:00 - 00024191 _____ C:\Users\Eliška\Desktop\FRST.txt
2016-11-15 17:59 - 2016-11-15 17:59 - 00000000 ____D C:\FRST
2016-11-15 17:55 - 2016-11-15 17:56 - 02411520 _____ (Farbar) C:\Users\Eliška\Desktop\FRST64.exe
2016-11-15 15:36 - 2016-11-15 16:05 - 00000000 ____D C:\AdwCleaner
2016-11-15 15:32 - 2016-11-15 15:33 - 03910208 _____ C:\Users\Eliška\Desktop\adwcleaner_6.030.exe
2016-11-15 12:57 - 2016-11-15 12:57 - 00000000 ____D C:\rsit
2016-11-15 12:57 - 2016-11-15 12:57 - 00000000 ____D C:\Program Files\trend micro
2016-11-15 12:56 - 2016-11-15 12:56 - 01323520 _____ C:\Users\Eliška\Downloads\RSITx64.exe
2016-11-15 00:16 - 2016-11-15 00:16 - 00002083 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\ProgramData\ESET
2016-11-15 00:16 - 2016-11-15 00:16 - 00000000 ____D C:\Program Files\ESET
2016-11-14 23:56 - 2016-11-14 23:56 - 03136640 _____ (ESET) C:\Users\Eliška\Downloads\eset_smart_security_premium_live_installer.exe
2016-11-14 02:05 - 2016-11-14 02:06 - 06760064 _____ (ESET spol. s r.o.) C:\Users\Eliška\Downloads\ESETOnlineScanner_CSY.exe
2016-11-14 01:45 - 2016-11-14 01:45 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000080 _____ C:\Users\Eliška\Desktop\Hudba - zástupce.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000080 _____ C:\Users\Eliška\Desktop\HONZA - zástupce.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000080 _____ C:\Users\Eliška\Desktop\Dokumenty - zástupce.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000080 _____ C:\Users\Eliška\Desktop\Conchita - zástupce.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000080 _____ C:\Users\Eliška\Desktop\Conchi - zástupce.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000080 _____ C:\Users\Eliška\Desktop\A-PEČENÍ - zástupce.lnk
2016-11-13 20:44 - 2016-11-13 20:44 - 00000080 _____ C:\Users\Eliška\Desktop\Andy - zástupce.lnk
2016-11-13 20:15 - 2016-11-15 17:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 20:15 - 2016-11-13 20:45 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-13 20:15 - 2016-11-13 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-13 20:15 - 2016-11-13 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-13 20:15 - 2016-11-13 20:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-13 20:15 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-13 20:15 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-13 20:15 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-13 20:06 - 2016-11-13 20:08 - 22851472 _____ (Malwarebytes ) C:\Users\Eliška\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-13 19:21 - 2016-11-13 19:23 - 46755096 _____ (Microsoft Corporation) C:\Users\Eliška\Downloads\mpas-feX64.exe
2016-11-13 14:30 - 2016-11-13 14:31 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-11-13 14:30 - 2016-11-13 14:31 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\systemcpl.dll
2016-11-13 14:30 - 2016-11-13 14:31 - 00002048 _____ C:\Windows\SysWOW64\winver.exe
2016-11-13 14:30 - 2016-11-13 14:30 - 00113543 _____ C:\Windows\SysWOW64\slmgr.vbs
2016-11-13 14:30 - 2016-11-13 14:30 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcomapi.dll
2016-11-13 14:07 - 2016-11-13 14:08 - 09060217 _____ C:\Users\Eliška\Downloads\Win-7-activator.rar
2016-11-13 12:42 - 2016-11-13 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
2016-11-13 12:42 - 2016-11-13 14:03 - 00000000 ____D C:\Program Files (x86)\My Program
2016-11-13 12:41 - 2016-11-13 12:41 - 01903757 _____ C:\Users\Eliška\Downloads\patch-Windows-7-Activator---KMSpico.2016.rar
2016-10-28 14:44 - 2016-10-28 14:44 - 00000000 ___HT C:\Windows\wusa.lock
2016-10-28 14:44 - 2016-10-28 14:44 - 00000000 ____D C:\912d2e4e024f32452e1d
2016-10-28 14:43 - 2016-10-28 14:44 - 00159144 _____ (Microsoft Corporation) C:\Users\Eliška\Downloads\WindowsActivationUpdate.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-15 17:50 - 2016-08-24 20:44 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46.job
2016-11-15 17:42 - 2009-07-14 05:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-15 17:42 - 2009-07-14 05:45 - 00022784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-15 16:12 - 2013-06-11 16:35 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-11-15 16:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-11-15 16:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-15 16:05 - 2012-01-24 16:00 - 00000000 ____D C:\Users\Eliška
2016-11-15 00:30 - 2012-01-24 20:04 - 00000000 ____D C:\Users\Eliška\AppData\Local\ESET
2016-11-15 00:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-14 23:53 - 2012-01-24 16:15 - 00002378 _____ C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 23:41 - 2013-12-16 13:45 - 00000000 ____D C:\ProgramData\Oracle
2016-11-14 23:39 - 2014-07-30 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-14 23:39 - 2012-02-21 13:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-14 23:37 - 2014-07-30 15:19 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-14 01:54 - 2012-07-23 09:50 - 00000000 ____D C:\Users\Eliška\AppData\Local\CrashDumps
2016-11-14 01:54 - 2012-05-03 21:40 - 00000000 ____D C:\Windows\Minidump
2016-11-14 01:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2016-11-14 01:46 - 2012-05-06 15:43 - 00000000 ____D C:\Program Files\CCleaner
2016-11-14 01:45 - 2012-05-06 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-13 22:24 - 2012-04-15 14:00 - 00000000 ____D C:\Users\Eliška\Desktop\zástupci
2016-11-13 21:50 - 2016-08-24 20:44 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4.job
2016-11-13 20:57 - 2009-07-14 16:18 - 00672424 _____ C:\Windows\system32\perfh005.dat
2016-11-13 20:57 - 2009-07-14 16:18 - 00142988 _____ C:\Windows\system32\perfc005.dat
2016-11-13 20:57 - 2009-07-14 06:13 - 01593374 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-13 20:47 - 2012-01-24 15:52 - 00000000 ____D C:\Windows\Panther
2016-11-13 20:45 - 2016-04-15 18:22 - 00001060 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-11-13 20:45 - 2016-03-19 23:33 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
2016-11-13 20:45 - 2016-02-10 17:58 - 00001326 _____ C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2016-11-13 20:45 - 2016-01-08 00:17 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-11-13 20:45 - 2016-01-08 00:16 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-11-13 20:45 - 2015-04-16 12:41 - 00002015 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2016-11-13 20:45 - 2014-10-06 19:55 - 00000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-11-13 20:45 - 2014-07-02 19:38 - 00002001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2016-11-13 20:45 - 2014-07-02 19:38 - 00001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
2016-11-13 20:45 - 2014-07-02 19:38 - 00001924 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2016-11-13 20:45 - 2014-06-18 10:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-13 20:45 - 2012-01-27 16:25 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2016-11-13 20:45 - 2012-01-27 16:23 - 00001207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:20 - 00001262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:20 - 00001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:18 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-11-13 20:45 - 2012-01-27 16:18 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-11-13 20:45 - 2012-01-24 16:09 - 00001150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-13 20:45 - 2012-01-24 15:56 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-13 20:45 - 2012-01-24 15:56 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-13 20:45 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-13 20:45 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-13 20:44 - 2016-10-01 15:02 - 00000000 ____D C:\Users\Eliška\Desktop\Pečení
2016-11-13 20:44 - 2013-09-13 16:20 - 00000908 _____ C:\Users\Eliška\Desktop\Downloads.lnk
2016-11-13 20:44 - 2013-08-09 15:38 - 00002246 _____ C:\Users\Eliška\Desktop\Internet Manager.lnk
2016-11-13 20:44 - 2012-08-03 12:09 - 00014408 _____ C:\Users\Eliška\Desktop\Stažené soubory.lnk
2016-11-13 20:44 - 2012-01-24 16:02 - 00001393 _____ C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-13 20:44 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-13 20:44 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-13 13:38 - 2014-12-06 22:05 - 00000000 ____D C:\Users\Eliška\Desktop\Bety dort a fotky
2016-11-13 12:38 - 2013-08-25 22:21 - 00001912 _____ C:\Windows\epplauncher.mif
2016-11-13 12:37 - 2013-08-20 11:58 - 00000000 ____D C:\Windows\system32\MRT
2016-11-13 12:21 - 2012-01-24 20:50 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-31 23:24 - 2012-02-01 23:19 - 00000000 ____D C:\Users\Eliška\AppData\Roaming\Skype
2016-10-28 21:53 - 2012-01-24 16:12 - 00000000 ____D C:\Users\Eliška\AppData\Local\Google
2016-10-28 01:47 - 2012-02-04 21:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-18 13:09 - 2015-05-08 11:18 - 00000000 ____D C:\Users\Eliška\Documents\Odtah auta
2016-10-18 13:00 - 2016-02-27 20:19 - 00000000 ____D C:\Users\Eliška\Documents\Můj nový byt
2016-10-18 12:57 - 2013-04-21 17:15 - 00000000 ____D C:\Users\Eliška\Documents\Důchod
2016-10-18 12:55 - 2016-04-19 21:35 - 00000000 ____D C:\Users\Eliška\Documents\Banka
2016-10-18 10:27 - 2014-09-17 14:00 - 00000000 ____D C:\Users\Eliška\Documents\Růnová

==================== Files in the root of some directories =======

2012-02-03 15:13 - 2011-10-21 21:57 - 21073936 _____ () C:\Program Files\vlc-1.1.11-win32.exe
2014-07-30 21:36 - 2016-05-21 08:36 - 0000250 _____ () C:\Users\Eliška\AppData\Roaming\WB.CFG
2016-07-02 21:45 - 2016-07-02 21:45 - 0003584 _____ () C:\Users\Eliška\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-04 16:50 - 2015-03-04 16:50 - 0000849 _____ () C:\Users\Eliška\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Eliška\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Eliška\AppData\Local\Temp\libeay32.dll
C:\Users\Eliška\AppData\Local\Temp\msvcr120.dll
C:\Users\Eliška\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2016-09-17 14:01] - [2016-08-16 18:36] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2016-11-13 14:30] - [2016-11-13 14:31] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-24 23:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Eliška (15-11-2016 18:01:05)
Running from C:\Users\Eliška\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-24 15:00:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2426440832-341668823-1581636725-500 - Administrator - Disabled)
Eliška (S-1-5-21-2426440832-341668823-1581636725-1000 - Administrator - Enabled) => C:\Users\Eliška
Guest (S-1-5-21-2426440832-341668823-1581636725-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2426440832-341668823-1581636725-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security Premium 10.0.369.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium 10.0.369.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AuthenTec Fingerprint Software (HKLM-x32\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.3.0 - "AuthenTec,Inc.")
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Balíček ovladače systému Windows - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2009 8.5.0.251) (HKLM\...\815EB4ED418166EC2BBE3A39EAC38C74AE911A8C) (Version: 07/02/2009 8.5.0.251 - AuthenTec Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.224 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
ESET Smart Security Premium (HKLM\...\{9FD38E7D-4EEC-4057-9D3A-2C48C91D0C12}) (Version: 10.0.369.1 - ESET, spol. s r.o.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: - )
Foxit PDF Editor 2.0 Build 1011 + Patch version for Windows (HKLM-x32\...\{BA30BA25-3C41-FFFD-B067-1515F4EAC738}_is1) (Version: for Windows - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Internet Manager (HKLM\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 cs)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Program version 1.5 (HKLM-x32\...\{11C0B447-2D00-4891-B686-367E63EDAC63}_is1) (Version: 1.5 - My Company, Inc.)
Nero Burning ROM 2014 (HKLM-x32\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Registrace uživatele zařízení Canon MG3500 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG3500 series) (Version: - ‭Canon Inc.)
RICOH Media Driver ver.2.07.01.00 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
save2pc 5.44 (HKLM-x32\...\save2pc_is1) (Version: - FDRLab, Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.127 - PandoraTV)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2426440832-341668823-1581636725-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2426440832-341668823-1581636725-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Eliška\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {076A80B0-8DC0-4244-BE78-1C9186EE4654} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22] (Oracle Corporation)
Task: {1A2FD1BD-1D02-4095-BD93-32E752B9E2BD} - System32\Tasks\{05A4A8B2-B57B-4AA8-B68A-29A7B53217B9} => pcalua.exe -a C:\Users\Eliška\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {288620B5-354D-46D1-A05D-5B1F27257232} - System32\Tasks\{993806C8-B561-44E4-B466-C1068D20A484} => pcalua.exe -a "C:\Program Files (x86)\TubeSaver-1\Uninstall.exe" -c /fromcontrolpanel=1
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {31D0C88D-115A-4D7D-B3EB-FEF58B302DF1} - System32\Tasks\{3BBE9C39-A751-4314-8BF5-D2E6561EA6F1} => pcalua.exe -a C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4\ScannerWizard.exe -d C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4
Task: {4461739E-AB82-43F3-974A-6D232DFC2C9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4 => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4AD3A0A2-7876-4CB1-9A0D-48BD6AD4087A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-19] (Adobe Systems Incorporated)
Task: {50901F1D-939F-4002-8B74-74930E685CA2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {56ADCC3F-5D3D-48F0-8DE3-D34C4C9D5559} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-29] (Facebook Inc.)
Task: {5B837D10-68F3-4D5A-8CDB-6B8478C83914} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {7570F405-69D1-48D1-B3FE-4857EFEB9B1C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {865D5A61-188C-47F6-9640-ECFD0FB81175} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)
Task: {949D3DC8-9FEE-4B4C-8AF2-AA1F487F93F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A33F57FD-FC30-4274-A695-2E7963A56365} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-29] (Facebook Inc.)
Task: {A7F72BA3-C4E8-47B3-8042-B507D4D5F1AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {ADA5A295-A151-44E8-B18A-EC1E90586FBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B2859F79-E28B-472C-A6CF-199CF67FAC30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C12C4841-312E-47A3-9B13-BC4076B1CB8E} - System32\Tasks\{B523F393-A29A-469A-85C2-320DBBFAB1A4} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/cs/abandoninstall?page=tsMain
Task: {C855205F-3F08-46DF-9BB6-1DB110C9D81F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46 => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CD3DF530-E3EA-4D99-9E78-F5EA6575C4B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-01] (Adobe Systems Incorporated)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E2CD6A62-A116-4230-88F7-DAD8A93AD26B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EF70D17C-2E6C-4A23-AB38-8CD02E591545} - System32\Tasks\Google Updater and Installer => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EFE554F8-5220-462E-8F18-30E9B03E59E3} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-01] (Adobe Systems Incorporated)
Task: {F2BF26DB-5BB5-4127-854F-348E3CCDFAB7} - System32\Tasks\{38177F14-8DEA-48AB-ACAA-D6717578CE04} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.0.104/cs/abandoninstall?page=tsMain
Task: {F8143C17-D7BC-43CA-AC63-099CC1FC14C5} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-10 09:58 - 2008-11-17 07:29 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2015-11-10 09:58 - 2008-11-17 07:29 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-11-08 22:30 - 2014-11-08 22:30 - 00124248 _____ () C:\Program Files (x86)\DivX\DivX Player\DPXIconHandler.dll
2012-01-27 15:43 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-08-09 15:37 - 2012-05-23 09:38 - 00221552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-daemon.exe
2016-01-06 17:41 - 2016-01-06 17:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-09-28 17:25 - 2016-09-28 17:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2013-08-09 15:37 - 2012-05-23 09:38 - 00037232 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\db_daemon.exe
2013-08-09 15:37 - 2011-05-06 04:03 - 00594944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\dbus-1.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00099840 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\itapi.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00027648 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\log.dll
2013-08-09 15:37 - 2010-10-14 10:37 - 00971776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libxml2.dll
2013-08-09 15:37 - 2010-10-14 10:37 - 00080688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\zlib1.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00058880 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\coder.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00043520 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\audio.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00036352 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libConfig.dll
2013-08-09 15:37 - 2012-05-23 09:34 - 00021504 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libctlsvr.dll
2013-08-09 15:37 - 2011-12-26 08:41 - 00090624 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\CaptureCrash.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-08-09 15:37 - 2007-09-09 16:07 - 00151552 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\libexpat.dll
2013-08-09 15:37 - 2011-05-06 04:02 - 00341504 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_Z\Bin\sqlite3.dll
2016-11-14 23:53 - 2016-11-08 21:29 - 01819240 _____ () C:\Users\Eliška\AppData\Local\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 23:53 - 2016-11-08 21:29 - 00093288 _____ () C:\Users\Eliška\AppData\Local\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-11-13 14:30 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Google Update => "C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45256570-A8CD-4216-A759-FB9363CDD6E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{72AC8E75-B99E-44F2-ABFA-AD9366160C3C}C:\users\eliška\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eliška\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4BB66A68-47B9-46A9-90C5-7BDA5A2907E8}C:\users\eliška\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\eliška\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{54D0DC84-EAFF-4BDB-B813-06E9EC33DD52}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{33F9AF70-4E47-47CB-B8D4-FA1E73773247}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [TCP Query User{511CBFD0-C27E-4D6A-A995-E6CDA0478C28}E:\skype\phone\skype.exe] => (Block) E:\skype\phone\skype.exe
FirewallRules: [UDP Query User{ADB0BC86-9020-4BB7-9C2B-F73488BA0149}E:\skype\phone\skype.exe] => (Block) E:\skype\phone\skype.exe
FirewallRules: [{0D43A994-54A1-4C3B-8099-E92217BA5D35}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{F295CA76-26E4-4ABD-AB00-F7F97D6AAC05}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{A88F2FDE-B95C-4A42-9FD6-7DEF034D37D4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E8EBC84A-A62F-4E51-8CE5-38D7EF651879}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{8B1A6AA0-7F71-42D2-9AFF-4F2300D61433}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [UDP Query User{665AF446-3CC1-4409-972E-D1B07242AFBC}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [TCP Query User{FF4C2287-5314-4F78-9DF9-EE1A5D3962ED}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{43520E64-DC70-4ABD-8615-5820EABFD3F8}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [TCP Query User{7E2EF2A1-C078-42D6-BAEE-6EF2BB1B64CF}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [UDP Query User{12C62AE4-7157-4980-8D16-558AB29F6D57}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe
FirewallRules: [{1651DBAA-47AE-44B4-9002-15C3F684CB2E}] => (Allow) C:\Users\Eliška\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{191472B7-0619-4E67-A5A7-561F5FEAD024}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe
FirewallRules: [UDP Query User{D017F3D1-1DAD-4462-A4E0-8F2A4680388C}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe
FirewallRules: [{1893C48A-F7C5-481D-A362-FB8EE5F48111}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2879891B-F842-4353-91D5-AD56632F5ED2}] => (Allow) LPort=2869
FirewallRules: [{9A5C4298-AB99-4F32-8880-40B1FE6B6178}] => (Allow) LPort=1900
FirewallRules: [{8CF901A8-3691-421B-8824-F000F9EA045D}] => (Allow) C:\Users\Eliška\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{8055DCCC-E528-4952-BF7A-C64F59EFE3C5}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe
FirewallRules: [UDP Query User{46E9FEF9-9E62-492F-B67E-64412EE8EB79}C:\users\eliška\desktop\zástupci\skype\phone\skype.exe] => (Block) C:\users\eliška\desktop\zástupci\skype\phone\skype.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2016 04:11:54 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/15/2016 04:11:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (11/14/2016 11:34:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (1960) Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/14/2016 11:27:29 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/14/2016 11:27:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (11/14/2016 01:54:31 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5588) testing: Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/14/2016 01:54:21 AM) (Source: ESENT) (EventID: 490) (User: )
Description: CCleaner64 (5588) testing: Pokus o otevření souboru C:\Users\Eliška\AppData\Local\Microsoft\Windows\WebCache\V01.log pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (11/14/2016 12:45:21 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error: (11/14/2016 12:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error: (11/14/2016 12:03:24 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.


System errors:
=============
Error: (11/15/2016 04:14:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/15/2016 04:14:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (11/15/2016 04:10:54 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/15/2016 04:10:54 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/15/2016 04:04:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
Instance této služby je již spuštěna.

Error: (11/15/2016 04:04:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Nero Update byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/15/2016 04:04:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/15/2016 04:04:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (11/15/2016 04:04:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Ochrana softwaru byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (11/15/2016 04:04:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Live ID Sign-in Assistant byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
Date: 2016-11-15 17:57:04.488
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 16:11:44.325
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 16:04:14.115
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 15:36:03.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 12:56:46.067
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 10:44:59.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 05:41:02.207
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 00:19:38.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-15 00:00:33.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-14 23:35:28.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 55%
Total physical RAM: 4090.89 MB
Available physical RAM: 1800.33 MB
Total Virtual: 8179.96 MB
Available Virtual: 5429.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:138.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7264
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but doesn't finish-bluescr

#6 Post by altrok »

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2012-01-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs" <===== ATTENTION
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
    HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [final] => wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs" <===== ATTENTION
    HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: E - E:\AutoRun.exe
    HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: {bd882beb-58b4-11e1-8791-0021708ebe22} - E:\Startme.exe
    HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: {ed360ca6-c762-11e2-a782-0021708ebe22} - E:\AutoRun.exe
    Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()
    SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
    CMD: type "C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\user.js"
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MAC1628CD-353A-411E-8393-B271458EE190&SearchSource=55&CUI=&UM=8&UP=SP60644ED1-12A6-403B-A81D-4922FB0FC1E9&D=040715&SSPV="
    File: C:\Windows\System32\bcmwltry.exe
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S1 ewudvwsr; \??\C:\Windows\system32\drivers\ewudvwsr.sys [X]
    S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S1 jmokswes; \??\C:\Windows\system32\drivers\jmokswes.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2016-11-15 15:36 - 2016-11-15 16:05 - 00000000 ____D C:\AdwCleaner
    2016-11-15 15:32 - 2016-11-15 15:33 - 03910208 _____ C:\Users\Eliška\Desktop\adwcleaner_6.030.exe
    2016-11-15 12:57 - 2016-11-15 12:57 - 00000000 ____D C:\rsit
    2016-11-15 12:57 - 2016-11-15 12:57 - 00000000 ____D C:\Program Files\trend micro
    2016-11-15 12:56 - 2016-11-15 12:56 - 01323520 _____ C:\Users\Eliška\Downloads\RSITx64.exe
    2016-11-13 14:07 - 2016-11-13 14:08 - 09060217 _____ C:\Users\Eliška\Downloads\Win-7-activator.rar
    Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
    Folder: C:\Program Files (x86)\My Program
    2016-11-13 12:41 - 2016-11-13 12:41 - 01903757 _____ C:\Users\Eliška\Downloads\patch-Windows-7-Activator---KMSpico.2016.rar
    Task: {1A2FD1BD-1D02-4095-BD93-32E752B9E2BD} - System32\Tasks\{05A4A8B2-B57B-4AA8-B68A-29A7B53217B9} => pcalua.exe -a C:\Users\Eliška\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
    Task: {288620B5-354D-46D1-A05D-5B1F27257232} - System32\Tasks\{993806C8-B561-44E4-B466-C1068D20A484} => pcalua.exe -a "C:\Program Files (x86)\TubeSaver-1\Uninstall.exe" -c /fromcontrolpanel=1
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {31D0C88D-115A-4D7D-B3EB-FEF58B302DF1} - System32\Tasks\{3BBE9C39-A751-4314-8BF5-D2E6561EA6F1} => pcalua.exe -a C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4\ScannerWizard.exe -d C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4
    Task: {50901F1D-939F-4002-8B74-74930E685CA2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {5B837D10-68F3-4D5A-8CDB-6B8478C83914} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {F8143C17-D7BC-43CA-AC63-099CC1FC14C5} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
    CMD: dir "C:\PROGRA~1"
    CMD: dir "C:\PROGRA~2"
    CMD: dir "C:\PROGRA~3"
    CMD: dir "%localappdata%"
    CMD: dir "%appdata%"
    Hosts:
    EmptyTemp:
    End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.

Bary.Jan
Visitor
Posts: 84
Registered: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but doesn't finish-bluescr

#7 Post by Bary.Jan »

Here is the fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Eliška (15-11-2016 18:38:45) Run:1
Running from C:\Users\Eliška\Desktop
Loaded Profiles: Eliška (Available Profiles: Eliška)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2012-01-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [final] => wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\Run: [final] => wscript.exe //B "C:\Users\ELIKA~1\AppData\Local\Temp\final.vbs" <===== ATTENTION
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: {bd882beb-58b4-11e1-8791-0021708ebe22} - E:\Startme.exe
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\...\MountPoints2: {ed360ca6-c762-11e2-a782-0021708ebe22} - E:\AutoRun.exe
Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs [2016-11-01] ()
SearchScopes: HKU\S-1-5-21-2426440832-341668823-1581636725-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
CMD: type "C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\user.js"
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid ... 0715&SSPV="
File: C:\Windows\System32\bcmwltry.exe
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 ewudvwsr; \??\C:\Windows\system32\drivers\ewudvwsr.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S1 jmokswes; \??\C:\Windows\system32\drivers\jmokswes.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2016-11-15 15:36 - 2016-11-15 16:05 - 00000000 ____D C:\AdwCleaner
2016-11-15 15:32 - 2016-11-15 15:33 - 03910208 _____ C:\Users\Eliška\Desktop\adwcleaner_6.030.exe
2016-11-15 12:57 - 2016-11-15 12:57 - 00000000 ____D C:\rsit
2016-11-15 12:57 - 2016-11-15 12:57 - 00000000 ____D C:\Program Files\trend micro
2016-11-15 12:56 - 2016-11-15 12:56 - 01323520 _____ C:\Users\Eliška\Downloads\RSITx64.exe
2016-11-13 14:07 - 2016-11-13 14:08 - 09060217 _____ C:\Users\Eliška\Downloads\Win-7-activator.rar
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program
Folder: C:\Program Files (x86)\My Program
2016-11-13 12:41 - 2016-11-13 12:41 - 01903757 _____ C:\Users\Eliška\Downloads\patch-Windows-7-Activator---KMSpico.2016.rar
Task: {1A2FD1BD-1D02-4095-BD93-32E752B9E2BD} - System32\Tasks\{05A4A8B2-B57B-4AA8-B68A-29A7B53217B9} => pcalua.exe -a C:\Users\Eliška\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: {288620B5-354D-46D1-A05D-5B1F27257232} - System32\Tasks\{993806C8-B561-44E4-B466-C1068D20A484} => pcalua.exe -a "C:\Program Files (x86)\TubeSaver-1\Uninstall.exe" -c /fromcontrolpanel=1
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {31D0C88D-115A-4D7D-B3EB-FEF58B302DF1} - System32\Tasks\{3BBE9C39-A751-4314-8BF5-D2E6561EA6F1} => pcalua.exe -a C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4\ScannerWizard.exe -d C:\Users\Eliška\Desktop\zástupci\ScanSoft\OmniPageSE4
Task: {50901F1D-939F-4002-8B74-74930E685CA2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {5B837D10-68F3-4D5A-8CDB-6B8478C83914} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {F8143C17-D7BC-43CA-AC63-099CC1FC14C5} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3E855197-BBF8-45D0-B566-F188F097D319}.exe <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => C:\Users\Eliška\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46.job => C:\Users\Eliška\AppData\Local\Google\Update\GoogleUpdate.exe
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\Software\Microsoft\Windows\CurrentVersion\Run\\final => value removed successfully
"HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd882beb-58b4-11e1-8791-0021708ebe22}" => key removed successfully
HKCR\CLSID\{bd882beb-58b4-11e1-8791-0021708ebe22} => key not found.
"HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed360ca6-c762-11e2-a782-0021708ebe22}" => key removed successfully
HKCR\CLSID\{ed360ca6-c762-11e2-a782-0021708ebe22} => key not found.
C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\final.vbs => moved successfully
HKU\S-1-5-21-2426440832-341668823-1581636725-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

========= type "C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\3w1zlmmx.default\user.js" =========





























========= End of CMD: =========

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
Chrome StartupUrls => removed successfully

========================= File: C:\Windows\System32\bcmwltry.exe ========================

File not signed
MD5: AB88E3A8743893F6B8514C0F876441BD
Creation and modification date: 2015-11-10 09:58 - 2008-11-17 07:29
Size: 3051520
Attributes: ----A
Company Name: Dell Inc.
Internal Name: bcmwltry.exe
Original Name: bcmwltry.exe
Product: Dell Wireless WLAN Card Wireless Network Controller
Description: Dell Wireless WLAN Card Wireless Network Controller
File Version: 5.10.38.30
Product Version: 5.10.38.30
Copyright: 1998-2008, Dell Inc. All Rights Reserved.

====== End of File: ======

dgderdrv => service removed successfully
ewudvwsr => service removed successfully
Huawei => service removed successfully
hwdatacard => service removed successfully
hwusbdev => service removed successfully
jmokswes => service removed successfully
massfilter => service removed successfully
ZTEusbmdm6k => service removed successfully
ZTEusbnmea => service removed successfully
ZTEusbser6k => service removed successfully
C:\AdwCleaner => moved successfully
C:\Users\Eliška\Desktop\adwcleaner_6.030.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\Eliška\Downloads\RSITx64.exe => moved successfully
C:\Users\Eliška\Downloads\Win-7-activator.rar => moved successfully

========================= Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program ========================

2016-11-13 12:42 - 2016-11-13 14:03 - 0000049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program\My Program on the Web.url
2016-11-13 12:42 - 2016-11-13 20:46 - 0001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program\My Program.lnk
2016-11-13 12:42 - 2016-11-13 20:46 - 0001039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Program\Uninstall My Program.lnk

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\My Program ========================

2016-11-13 12:42 - 2016-07-16 14:42 - 0827392 _____ (Microsoft Corporation) C:\Program Files (x86)\My Program\adtschema.dll
2016-11-13 12:42 - 2016-07-16 14:42 - 0482392 _____ (Microsoft Corporation) C:\Program Files (x86)\My Program\advapi32.dll
2016-11-13 12:42 - 2016-07-16 14:43 - 0002560 _____ (Microsoft Corporation) C:\Program Files (x86)\My Program\advapi32res.dll
2016-11-13 12:42 - 2016-07-16 14:42 - 0112640 _____ (Microsoft Corporation) C:\Program Files (x86)\My Program\advpack.dll
2016-11-13 12:42 - 2016-07-16 14:43 - 0030208 _____ (Microsoft Corporation) C:\Program Files (x86)\My Program\aeevts.dll
2016-11-13 12:42 - 2016-10-15 07:26 - 4673304 _____ (Microsoft Corporation) C:\Program Files (x86)\My Program\explorer.exe
2016-11-13 12:42 - 2016-11-01 20:49 - 0054213 _____ () C:\Program Files (x86)\My Program\final.vbs
2016-11-13 12:42 - 2016-11-13 14:03 - 0005171 _____ () C:\Program Files (x86)\My Program\unins000.dat
2016-11-13 14:03 - 2016-11-13 14:03 - 0758437 _____ () C:\Program Files (x86)\My Program\unins000.exe

====== End of Folder: ======

C:\Users\Eliška\Downloads\patch-Windows-7-Activator---KMSpico.2016.rar => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A2FD1BD-1D02-4095-BD93-32E752B9E2BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A2FD1BD-1D02-4095-BD93-32E752B9E2BD}" => key removed successfully
C:\Windows\System32\Tasks\{05A4A8B2-B57B-4AA8-B68A-29A7B53217B9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{05A4A8B2-B57B-4AA8-B68A-29A7B53217B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{288620B5-354D-46D1-A05D-5B1F27257232}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{288620B5-354D-46D1-A05D-5B1F27257232}" => key removed successfully
C:\Windows\System32\Tasks\{993806C8-B561-44E4-B466-C1068D20A484} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{993806C8-B561-44E4-B466-C1068D20A484}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31D0C88D-115A-4D7D-B3EB-FEF58B302DF1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31D0C88D-115A-4D7D-B3EB-FEF58B302DF1}" => key removed successfully
C:\Windows\System32\Tasks\{3BBE9C39-A751-4314-8BF5-D2E6561EA6F1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BBE9C39-A751-4314-8BF5-D2E6561EA6F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50901F1D-939F-4002-8B74-74930E685CA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50901F1D-939F-4002-8B74-74930E685CA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B837D10-68F3-4D5A-8CDB-6B8478C83914}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B837D10-68F3-4D5A-8CDB-6B8478C83914}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8143C17-D7BC-43CA-AC63-099CC1FC14C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8143C17-D7BC-43CA-AC63-099CC1FC14C5}" => key removed successfully
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000Core1d1fe3fe3755df4.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2426440832-341668823-1581636725-1000UA1d1fe3fe3e4ea46.job => moved successfully

========= dir "C:\PROGRA~1" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE12-FDDD.

Výpis adresáře C:\PROGRA~1

15.11.2016 18:39 <DIR> .
15.11.2016 18:39 <DIR> ..
27.01.2012 16:24 <DIR> Adobe
16.04.2015 12:37 <DIR> Canon
14.11.2016 01:46 <DIR> CCleaner
23.05.2016 22:55 <DIR> Common Files
10.11.2015 09:58 <DIR> Dell
24.01.2012 16:16 <DIR> DellTPad
24.01.2012 16:17 <DIR> DIFX
14.09.2014 15:58 <DIR> DivX
25.01.2012 15:22 <DIR> DVD Maker
15.11.2016 00:16 <DIR> ESET
28.05.2014 16:27 <DIR> Foxit Software
06.10.2014 19:54 <DIR> GIMP 2
27.01.2012 21:21 <DIR> HP
18.09.2016 08:41 <DIR> Internet Explorer
14.07.2009 16:37 <DIR> Microsoft Games
24.01.2012 17:57 <DIR> Microsoft Office
14.07.2009 06:32 <DIR> MSBuild
14.07.2009 06:32 <DIR> Reference Assemblies
09.06.2014 00:17 <DIR> SAMSUNG
21.10.2011 21:57 21 073 936 vlc-1.1.11-win32.exe
08.08.2013 07:32 <DIR> Windows Defender
26.05.2016 09:33 <DIR> Windows Journal
25.01.2012 15:22 <DIR> Windows Mail
10.03.2016 18:03 <DIR> Windows Media Player
24.01.2012 15:59 <DIR> Windows NT
25.01.2012 15:22 <DIR> Windows Photo Viewer
25.01.2012 15:22 <DIR> Windows Portable Devices
25.01.2012 15:22 <DIR> Windows Sidebar
10.02.2016 17:59 <DIR> WinPcap
Souborů: 1, Bajtů: 21 073 936
Adresářů: 30, Volných bajtů: 148 345 008 128

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE12-FDDD.

Výpis adresáře C:\PROGRA~2

15.11.2016 16:05 <DIR> .
15.11.2016 16:05 <DIR> ..
13.04.2015 09:04 <DIR> Adobe
27.01.2012 16:20 <DIR> Adobe Media Player
11.05.2013 21:27 <DIR> AVS4YOU
16.04.2015 12:42 <DIR> Canon
10.11.2015 10:02 <DIR> Cisco
23.05.2016 22:55 <DIR> Common Files
23.03.2015 20:43 <DIR> DivX
25.11.2015 23:23 <DIR> FDRLab
24.01.2012 16:17 <DIR> Fingerprint Sensor
06.06.2014 22:32 <DIR> Foxit PDF Editor 2.0 Build 1011 + Patch
10.02.2016 17:58 <DIR> Freemake
13.12.2013 23:48 <DIR> Google
27.01.2012 20:35 <DIR> Hewlett-Packard
18.09.2016 08:40 <DIR> Internet Explorer
14.11.2016 23:39 <DIR> Java
04.07.2014 16:05 <DIR> JDownloader
13.11.2016 20:15 <DIR> Malwarebytes Anti-Malware
09.06.2014 00:11 <DIR> MarkAny
04.02.2012 20:20 <DIR> Microsoft Office
08.01.2016 00:16 <DIR> Microsoft SQL Server Compact Edition
24.01.2012 17:59 <DIR> Microsoft Visual Studio
24.01.2012 17:57 <DIR> Microsoft Visual Studio 8
26.01.2012 12:15 <DIR> Microsoft Works
23.05.2016 22:55 <DIR> Microsoft.NET
19.03.2016 23:33 <DIR> Movie Maker 2.6
20.06.2014 14:27 <DIR> Mozilla Firefox
05.07.2014 00:31 <DIR> Mozilla Maintenance Service
23.05.2016 22:55 <DIR> MSBuild
27.03.2012 13:20 <DIR> MSXML 4.0
13.11.2016 14:03 <DIR> My Program
05.07.2014 07:54 <DIR> Nero
25.01.2014 20:23 <DIR> Pinnacle
08.08.2013 09:15 <DIR> QuickTime
14.07.2009 06:32 <DIR> Reference Assemblies
09.06.2014 00:15 <DIR> SAMSUNG
28.10.2016 01:47 <DIR> Skype
09.08.2013 15:37 <DIR> T-Mobile
06.05.2012 15:23 <DIR> TeamViewer
14.09.2014 12:39 <DIR> The KMPlayer
03.02.2012 20:18 <DIR> VideoLAN
08.08.2013 07:32 <DIR> Windows Defender
08.01.2016 00:16 <DIR> Windows Live
25.01.2012 15:22 <DIR> Windows Mail
10.03.2016 18:03 <DIR> Windows Media Player
14.07.2009 06:32 <DIR> Windows NT
25.01.2012 15:22 <DIR> Windows Photo Viewer
25.01.2012 15:22 <DIR> Windows Portable Devices
25.01.2012 15:22 <DIR> Windows Sidebar
27.01.2012 15:43 <DIR> WinRAR
Souborů: 0, Bajtů: 0
Adresářů: 51, Volných bajtů: 148 345 004 032

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE12-FDDD.

Výpis adresáře C:\PROGRA~3

18.06.2014 10:42 <DIR> Adobe
03.02.2012 20:24 <DIR> Apple
08.08.2013 09:15 <DIR> Apple Computer
24.07.2016 00:54 <DIR> ArcSoft
16.04.2015 12:41 <DIR> CanonIJWSpt
03.07.2014 07:17 <DIR> DAEMON Tools Lite
23.03.2015 20:43 <DIR> DivX
15.11.2016 00:16 <DIR> ESET
10.02.2016 17:59 <DIR> Freemake
13.11.2016 20:15 <DIR> Malwarebytes
14.08.2012 10:49 <DIR> McAfee
29.08.2013 21:30 <DIR> MetaQuotes
18.09.2016 08:24 <DIR> Microsoft Help
22.10.2012 13:01 <DIR> Mozilla
05.07.2014 07:54 <DIR> Nero
14.11.2016 23:41 <DIR> Oracle
15.01.2016 18:15 <DIR> Package Cache
25.01.2014 20:20 <DIR> Pinnacle
27.01.2012 16:05 <DIR> Pinnacle Studio Ultimate Collection
27.01.2012 16:28 <DIR> regid.1986-12.com.adobe
08.06.2014 23:38 <DIR> Samsung
22.01.2014 19:36 <DIR> ScanSoft
01.05.2015 14:10 <DIR> Skype
21.02.2012 13:42 <DIR> Sun
23.03.2015 20:45 <DIR> TuneUp Software
16.06.2012 18:34 <DIR> Zoner
Souborů: 0, Bajtů: 0
Adresářů: 26, Volných bajtů: 148 345 004 032

========= End of CMD: =========


========= dir "%localappdata%" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE12-FDDD.

Výpis adresáře C:\Users\Eliška\AppData\Local

15.11.2016 16:05 <DIR> .
15.11.2016 16:05 <DIR> ..
06.11.2015 00:28 <DIR> Adobe
03.02.2012 20:24 <DIR> Apple
08.08.2013 17:33 <DIR> Apple Computer
07.07.2014 13:06 <DIR> Apps
06.11.2015 00:55 <DIR> ArcSoft
13.02.2014 18:00 <DIR> cache
14.11.2016 01:54 <DIR> CrashDumps
02.07.2016 21:45 3 584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
23.10.2016 15:21 <DIR> Diagnostics
08.06.2014 23:19 <DIR> Downloaded Installations
25.08.2015 20:45 <DIR> ElevatedDiagnostics
15.11.2016 00:30 <DIR> ESET
29.06.2013 10:40 <DIR> Facebook
07.10.2014 13:03 <DIR> fontconfig
23.05.2016 22:11 141 000 GDIPFONTCACHEV1.DAT
07.10.2014 13:01 <DIR> gegl-0.2
16.09.2013 01:15 <DIR> GHISLER
28.10.2016 21:53 <DIR> Google
06.11.2015 00:39 <DIR> gtk-2.0
03.06.2015 11:38 <DIR> GWX
30.05.2014 13:28 <DIR> Macromedia
23.05.2016 22:56 <DIR> Microsoft
31.01.2012 14:18 <DIR> Microsoft Games
19.05.2013 16:33 <DIR> Microsoft Help
07.06.2014 22:37 <DIR> Mozilla
27.01.2012 16:05 <DIR> Pinnacle
15.09.2013 16:08 <DIR> Programs
04.03.2015 16:50 849 recently-used.xbel
09.06.2014 00:09 <DIR> Samsung
05.04.2014 13:02 <DIR> Skype
23.02.2012 12:16 <DIR> Sony
15.11.2016 18:39 <DIR> Temp
23.03.2015 20:48 <DIR> TuneUp Software
07.04.2012 18:53 <DIR> VirtualStore
27.01.2012 20:33 <DIR> VS Revo Group
04.03.2015 17:01 <DIR> webkit
10.01.2016 13:55 <DIR> Windows Live
19.03.2016 23:49 <DIR> WMTools Downloaded Files
16.06.2012 18:34 <DIR> Zoner
Souborů: 3, Bajtů: 145 433
Adresářů: 38, Volných bajtů: 148 344 999 936

========= End of CMD: =========


========= dir "%appdata%" =========

Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je DE12-FDDD.

Výpis adresáře C:\Users\Eliška\AppData\Roaming

15.11.2016 16:05 <DIR> .
15.11.2016 16:05 <DIR> ..
05.05.2015 10:30 <DIR> Adobe
12.03.2012 20:37 <DIR> Adobe Mini Bridge CS5
04.02.2012 15:30 <DIR> Apple Computer
06.11.2015 00:54 <DIR> ArcSoft
04.08.2012 14:54 <DIR> AVS4YOU
21.05.2015 15:10 <DIR> Canon
20.04.2013 12:21 <DIR> chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
22.04.2015 06:44 <DIR> DAEMON Tools Lite
14.09.2014 16:02 <DIR> DivX
21.04.2013 13:49 <DIR> dvdcss
24.01.2012 20:04 <DIR> ESET
25.01.2014 20:59 <DIR> GHISLER
25.04.2016 08:16 <DIR> Identities
10.11.2015 09:58 <DIR> InstallShield
21.04.2013 17:36 <DIR> Intelli-studio
09.08.2013 15:41 <DIR> InternetManager_Z
24.01.2012 16:11 <DIR> Macromedia
14.07.2009 16:36 <DIR> Media Center Programs
06.05.2012 15:47 <DIR> Media Player Classic
24.01.2012 16:09 <DIR> Mozilla
04.07.2014 15:37 <DIR> Nero
27.03.2012 14:11 <DIR> Outlook
15.09.2013 16:58 <DIR> PSpad
08.06.2014 23:07 <DIR> Samsung
22.01.2014 19:36 <DIR> ScanSoft
07.06.2014 22:12 <DIR> Seznam.cz
31.10.2016 23:24 <DIR> Skype
23.02.2012 12:15 <DIR> Sony
12.03.2012 20:37 <DIR> StageManager.BD092818F67280F4B42B04877600987F0111B594.1
10.02.2016 22:59 <DIR> Sun
27.01.2012 15:41 <DIR> TeamViewer
23.03.2015 20:48 <DIR> TuneUp Software
13.04.2015 09:04 <DIR> uTorrent
02.09.2016 01:27 <DIR> vlc
21.05.2016 08:36 250 WB.CFG
27.01.2012 15:43 <DIR> WinRAR
01.07.2012 21:03 <DIR> Zoner
Souborů: 1, Bajtů: 250
Adresářů: 38, Volných bajtů: 148 344 999 936

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14493978 B
Java, Flash, Steam htmlcache => 18852 B
Windows/system/drivers => 6772622 B
Edge => 0 B
Chrome => 94609164 B
Firefox => 100574671 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 118568 B
systemprofile32 => 210685 B
LocalService => 6610680 B
NetworkService => 31536039 B
Eliška => 99452557 B

RecycleBin => 0 B
EmptyTemp: => 350 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:39:51 ====

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#8 Post by altrok »

:arrow: Save ESET Online Scanner to your desktop by clicking esetsmartinstaller_csy.exe
  • double-click the saved esetsmartinstaller_csy.exe to run it
  • check "Ano, souhlasim s podminkami uziti" (Yes, I agree to the terms of use) and click "Spustit" (Start)
  • select the option "Povolit detekci nechtenych aplikaci" (Enable detection of unwanted applications)
  • expand "Rozsirene nastaveni" (Advanced settings) and
    • clear the check box for "Odstranit nalezene infiltrace" (Remove found infiltrations)
    • leave the option "Pouzit technologii Anti-Stealth" (Use Anti-Stealth technology) checked
  • click "Kontrola" (Scan), which starts a scan that can take several hours
  • when the scan finishes, click "Seznam nalezenych infiltraci" (List of found infiltrations); if nothing was found, you will not create a log
  • click "Ulozit do textoveho souboru" (Save to text file), name the log ESETlog and save it to your desktop
  • paste the contents of the log into your next reply
  • click "<< Zpet" (Back) and check the option "Odinstalovat" (Uninstall)
  • click "Dokoncit" (Finish) to close ESET Online Scanner.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Bary.Jan
Visitor
Posts: 84
Joined: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#9 Post by Bary.Jan »

The options are a bit different from what you wrote; is it correct like this?
Sorry for the poster, it was done in a hurry...

Image

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#10 Post by altrok »

Thank you for pointing that out, I will update the guide right away.

Also check "Zapnout detekci potencialne zneuzitelnych aplikaci" (Enable detection of potentially unsafe applications); leave the rest as it is in the picture.

Bary.Jan
Visitor
Posts: 84
Joined: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#11 Post by Bary.Jan »

So ESET Online Scanner did not find any threat and therefore did not create a log, but there are several files in quarantine. Do you want me to copy those, or are they irrelevant?

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#12 Post by altrok »

:arrow: If they are already in quarantine, they are not relevant to us.


:arrow: Test how the PC behaves and report any current problems.

Bary.Jan
Visitor
Posts: 84
Joined: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#13 Post by Bary.Jan »

Well, the first impressions look promising; I will see in a day or two how it goes. At the moment it does not report any error or detection, and the computer is not behaving unusually either. I don't know whether the system is genuine or not. I still cannot connect and search for updates, so I don't know...

altrok
Moderator
Posts: 7264
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#14 Post by altrok »

Unfortunately, I cannot help you with the non-working updates (so far I cannot even diagnose such problems). Communication with Microsoft servers had been blocked on the PC, but we have already re-enabled it. If no further problems appear, we will clean up the tools that were used.

Bary.Jan
Visitor
Posts: 84
Joined: 09 Dec 2013 15:20

Re: Eset online scanner finds 8 threats, but does not finish-bluescr

#15 Post by Bary.Jan »

Removed. Should I keep CCleaner and Malwarebytes, or remove them too and keep only ESET?

Locked