jak mám postupovat dále. Děkuji Agatka
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Otevřel jsem asi zavirovanou přílohu v emailu.
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Otevřel jsem asi zavirovanou přílohu v emailu.
Dobrý den,
jak mám postupovat dále. Děkuji Agatka
jak mám postupovat dále. Děkuji Agatka
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Andrea (administrator) on ANDREA-PC (04-04-2017 20:30:17)
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Farbar) C:\Users\Andrea\Desktop\FRST (1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2009-01-19] (Sony Corporation)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WwwAccessConnectorUrlMonitor] => C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe [274944 2016-06-29] (MEDIAN s.r.o.)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-02-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Url Monitor.lnk [2015-09-01]
ShortcutTarget: Url Monitor.lnk -> C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe (MEDIAN s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5CDE5058-9E40-4DDC-828B-4E2609822D96}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8C900FA7-380C-46AA-AF30-5FEC3355B95F}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2008-10-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-10-05] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2017-04-04]
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-02] (ArcSoft Inc.)
S2 AudioHubWwwAccessConnector; C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe [187392 2016-06-29] (MEDIAN s.r.o.) [File not signed]
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-04] (Google)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-08] (Sony Corporation) [File not signed]
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-20] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
S3 lgmdbus; C:\Windows\System32\DRIVERS\lgmdbus.sys [89600 2008-07-08] (MCCI Corporation)
S3 lgmdmdfl; C:\Windows\System32\DRIVERS\lgmdmdfl.sys [14976 2008-07-08] (MCCI Corporation)
S3 lgmdmdm; C:\Windows\System32\DRIVERS\lgmdmdm.sys [121344 2008-07-08] (MCCI Corporation)
S3 lgmdmgmt; C:\Windows\System32\DRIVERS\lgmdmgmt.sys [114944 2008-07-08] (MCCI Corporation)
S3 lgmdobex; C:\Windows\System32\DRIVERS\lgmdobex.sys [111232 2008-07-08] (MCCI Corporation)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-04 20:30 - 2017-04-04 20:32 - 00013587 _____ C:\Users\Andrea\Desktop\FRST.txt
2017-04-04 20:29 - 2017-04-04 20:30 - 00000000 ____D C:\FRST
2017-04-04 20:29 - 2017-04-04 20:29 - 00015327 _____ C:\Users\Andrea\Desktop\LM.bat
2017-04-04 20:28 - 2017-04-04 20:29 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2017-04-04 20:26 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe
2017-04-04 20:22 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Downloads\FRSTLauncher.exe
2017-04-04 20:21 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Desktop\FRST (1).exe
2017-04-04 20:20 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (1).exe
2017-04-04 18:52 - 2017-04-04 18:53 - 00364216 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-04 17:54 - 2017-04-04 17:54 - 00093232 _____ C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-04 13:04 - 2017-04-04 17:46 - 00000000 ____D C:\Users\Andrea\AppData\Local\ESET
2017-04-04 13:03 - 2017-04-04 13:04 - 06751872 _____ (ESET spol. s r.o.) C:\Users\Andrea\Downloads\esetonlinescanner_csy.exe
2017-04-04 11:04 - 2017-04-04 11:04 - 00055913 _____ C:\Users\Andrea\Documents\dl-voucher-dobrovsky-duben-2017.pdf
2017-04-04 10:06 - 2017-04-04 10:06 - 00000000 ____D C:\rsit
2017-03-28 09:42 - 2017-03-28 09:42 - 02148188 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09 (1).pdf
2017-03-28 09:40 - 2017-03-28 09:41 - 00682954 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09.pdf
2017-03-21 11:58 - 2017-03-21 14:59 - 1766320358 _____ C:\Users\Andrea\Desktop\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.) (1).avi
2017-03-21 11:11 - 2017-03-21 11:50 - 377888487 _____ C:\Users\Andrea\Downloads\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.).avi
2017-03-19 13:16 - 2017-03-19 13:17 - 07029472 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\Silverlight (2).exe
2017-03-16 21:15 - 2017-03-16 21:15 - 01136458 _____ C:\Users\Andrea\Documents\Elle.PDF
2017-03-16 21:13 - 2017-03-16 21:13 - 01136458 _____ C:\Users\Andrea\Downloads\387074.PDF
2017-03-09 13:39 - 2017-03-09 13:39 - 00017281 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx.zip
2017-03-09 13:39 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017 (1).xlsx
2017-03-09 13:38 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx
2017-03-09 12:14 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Documents\Posedlost.PDF
2017-03-09 12:13 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Downloads\626176 (1).PDF
2017-03-09 12:12 - 2017-03-09 12:12 - 00601213 _____ C:\Users\Andrea\Downloads\626176.PDF
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-04 20:19 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 20:19 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 18:53 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 18:30 - 2006-11-02 15:01 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-04 17:46 - 2015-09-01 12:33 - 01576960 _____ C:\Windows\system32\tempResults.db
2017-04-04 17:44 - 2013-12-11 10:19 - 00000000 ____D C:\AdwCleaner
2017-04-04 10:07 - 2014-02-18 10:39 - 00000000 ____D C:\Program Files\trend micro
2017-03-28 09:36 - 2009-03-09 20:09 - 03010488 _____ C:\Windows\system32\perfh005.dat
2017-03-28 09:36 - 2009-03-09 20:09 - 00983764 _____ C:\Windows\system32\perfc005.dat
2017-03-28 09:36 - 2006-11-02 12:33 - 00006606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-27 12:56 - 2016-11-19 11:24 - 1431435272 _____ C:\Users\Andrea\Desktop\Kočka-na-rozpálené-plechové-střeše---Cat-on-a-Hot-Tin-Roof-1958,-CZ-tit.avi
2017-03-27 12:56 - 2011-02-08 12:50 - 00073216 _____ C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-14 12:27 - 2013-03-25 09:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 12:27 - 2013-03-25 09:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 12:26 - 2011-01-28 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-12 11:17 - 2016-09-13 13:06 - 00006836 _____ C:\Users\Andrea\AppData\Local\d3d9caps.dat
==================== Files in the root of some directories =======
2011-11-21 13:45 - 2011-11-21 13:45 - 0000600 _____ () C:\Users\Andrea\AppData\Roaming\winscp.rnd
2011-02-24 12:47 - 2014-12-02 09:18 - 0001218 _____ () C:\Users\Andrea\AppData\Roaming\wklnhst.dat
2016-09-13 13:06 - 2017-03-12 11:17 - 0006836 _____ () C:\Users\Andrea\AppData\Local\d3d9caps.dat
2011-02-08 12:50 - 2017-03-27 12:56 - 0073216 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 20:28 - 2017-04-04 20:29 - 0029696 _____ () C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2011-02-04 18:44 - 2011-02-04 18:47 - 0000184 _____ () C:\Users\Andrea\AppData\Local\setup.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-04 20:19
==================== End of FRST.txt ============================
Ran by Andrea (administrator) on ANDREA-PC (04-04-2017 20:30:17)
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Farbar) C:\Users\Andrea\Desktop\FRST (1).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2009-01-19] (Sony Corporation)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WwwAccessConnectorUrlMonitor] => C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe [274944 2016-06-29] (MEDIAN s.r.o.)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-02-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Url Monitor.lnk [2015-09-01]
ShortcutTarget: Url Monitor.lnk -> C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe (MEDIAN s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5CDE5058-9E40-4DDC-828B-4E2609822D96}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8C900FA7-380C-46AA-AF30-5FEC3355B95F}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2008-10-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-10-05] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2017-04-04]
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-02] (ArcSoft Inc.)
S2 AudioHubWwwAccessConnector; C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe [187392 2016-06-29] (MEDIAN s.r.o.) [File not signed]
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-04] (Google)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-08] (Sony Corporation) [File not signed]
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-20] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
S3 lgmdbus; C:\Windows\System32\DRIVERS\lgmdbus.sys [89600 2008-07-08] (MCCI Corporation)
S3 lgmdmdfl; C:\Windows\System32\DRIVERS\lgmdmdfl.sys [14976 2008-07-08] (MCCI Corporation)
S3 lgmdmdm; C:\Windows\System32\DRIVERS\lgmdmdm.sys [121344 2008-07-08] (MCCI Corporation)
S3 lgmdmgmt; C:\Windows\System32\DRIVERS\lgmdmgmt.sys [114944 2008-07-08] (MCCI Corporation)
S3 lgmdobex; C:\Windows\System32\DRIVERS\lgmdobex.sys [111232 2008-07-08] (MCCI Corporation)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-04 20:30 - 2017-04-04 20:32 - 00013587 _____ C:\Users\Andrea\Desktop\FRST.txt
2017-04-04 20:29 - 2017-04-04 20:30 - 00000000 ____D C:\FRST
2017-04-04 20:29 - 2017-04-04 20:29 - 00015327 _____ C:\Users\Andrea\Desktop\LM.bat
2017-04-04 20:28 - 2017-04-04 20:29 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2017-04-04 20:26 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe
2017-04-04 20:22 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Downloads\FRSTLauncher.exe
2017-04-04 20:21 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Desktop\FRST (1).exe
2017-04-04 20:20 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (1).exe
2017-04-04 18:52 - 2017-04-04 18:53 - 00364216 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-04 17:54 - 2017-04-04 17:54 - 00093232 _____ C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-04 13:04 - 2017-04-04 17:46 - 00000000 ____D C:\Users\Andrea\AppData\Local\ESET
2017-04-04 13:03 - 2017-04-04 13:04 - 06751872 _____ (ESET spol. s r.o.) C:\Users\Andrea\Downloads\esetonlinescanner_csy.exe
2017-04-04 11:04 - 2017-04-04 11:04 - 00055913 _____ C:\Users\Andrea\Documents\dl-voucher-dobrovsky-duben-2017.pdf
2017-04-04 10:06 - 2017-04-04 10:06 - 00000000 ____D C:\rsit
2017-03-28 09:42 - 2017-03-28 09:42 - 02148188 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09 (1).pdf
2017-03-28 09:40 - 2017-03-28 09:41 - 00682954 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09.pdf
2017-03-21 11:58 - 2017-03-21 14:59 - 1766320358 _____ C:\Users\Andrea\Desktop\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.) (1).avi
2017-03-21 11:11 - 2017-03-21 11:50 - 377888487 _____ C:\Users\Andrea\Downloads\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.).avi
2017-03-19 13:16 - 2017-03-19 13:17 - 07029472 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\Silverlight (2).exe
2017-03-16 21:15 - 2017-03-16 21:15 - 01136458 _____ C:\Users\Andrea\Documents\Elle.PDF
2017-03-16 21:13 - 2017-03-16 21:13 - 01136458 _____ C:\Users\Andrea\Downloads\387074.PDF
2017-03-09 13:39 - 2017-03-09 13:39 - 00017281 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx.zip
2017-03-09 13:39 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017 (1).xlsx
2017-03-09 13:38 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx
2017-03-09 12:14 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Documents\Posedlost.PDF
2017-03-09 12:13 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Downloads\626176 (1).PDF
2017-03-09 12:12 - 2017-03-09 12:12 - 00601213 _____ C:\Users\Andrea\Downloads\626176.PDF
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-04 20:19 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 20:19 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 18:53 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 18:30 - 2006-11-02 15:01 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-04 17:46 - 2015-09-01 12:33 - 01576960 _____ C:\Windows\system32\tempResults.db
2017-04-04 17:44 - 2013-12-11 10:19 - 00000000 ____D C:\AdwCleaner
2017-04-04 10:07 - 2014-02-18 10:39 - 00000000 ____D C:\Program Files\trend micro
2017-03-28 09:36 - 2009-03-09 20:09 - 03010488 _____ C:\Windows\system32\perfh005.dat
2017-03-28 09:36 - 2009-03-09 20:09 - 00983764 _____ C:\Windows\system32\perfc005.dat
2017-03-28 09:36 - 2006-11-02 12:33 - 00006606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-27 12:56 - 2016-11-19 11:24 - 1431435272 _____ C:\Users\Andrea\Desktop\Kočka-na-rozpálené-plechové-střeše---Cat-on-a-Hot-Tin-Roof-1958,-CZ-tit.avi
2017-03-27 12:56 - 2011-02-08 12:50 - 00073216 _____ C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-14 12:27 - 2013-03-25 09:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 12:27 - 2013-03-25 09:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 12:26 - 2011-01-28 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-12 11:17 - 2016-09-13 13:06 - 00006836 _____ C:\Users\Andrea\AppData\Local\d3d9caps.dat
==================== Files in the root of some directories =======
2011-11-21 13:45 - 2011-11-21 13:45 - 0000600 _____ () C:\Users\Andrea\AppData\Roaming\winscp.rnd
2011-02-24 12:47 - 2014-12-02 09:18 - 0001218 _____ () C:\Users\Andrea\AppData\Roaming\wklnhst.dat
2016-09-13 13:06 - 2017-03-12 11:17 - 0006836 _____ () C:\Users\Andrea\AppData\Local\d3d9caps.dat
2011-02-08 12:50 - 2017-03-27 12:56 - 0073216 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 20:28 - 2017-04-04 20:29 - 0029696 _____ () C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2011-02-04 18:44 - 2011-02-04 18:47 - 0000184 _____ () C:\Users\Andrea\AppData\Local\setup.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-04 20:19
==================== End of FRST.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Na ploše se objevil soubor LM. Dávkový soubor systému Windows (.bat).
Co je to ?
Děkuji
# AdwCleaner v6.045 - Logfile created 05/04/2017 at 09:12:13
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Andrea - ANDREA-PC
# Running from : C:\Users\Andrea\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
[-] Service deleted: DrvAgent32
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Andrea\AppData\Local\VirtualStore\Program Files\Free Offers from Freeze.com
***** [ Files ] *****
[-] File deleted: C:\Windows\system32\drivers\DrvAgent32.sys
[-] File deleted: C:\user.js
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: IHUninstallTrackingTASK
[-] Task deleted: ihuninstalltrackingtask
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6565F37-655B-4c9e-AA5F-0307AC976ED4}
[-] Key deleted: HKLM\SOFTWARE\Classes\OpcMp4.OpcMp4Player
[-] Key deleted: HKLM\SOFTWARE\Classes\OpcMp4.OpcMp4Player.1
***** [ Web browsers ] *****
[-] [C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: arriva-vychodnicechy.cz
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2855 Bytes] - [30/03/2016 10:47:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [2281 Bytes] - [06/07/2016 19:18:55]
C:\AdwCleaner\AdwCleaner[C3].txt - [1797 Bytes] - [04/04/2017 10:01:55]
C:\AdwCleaner\AdwCleaner[C4].txt - [1635 Bytes] - [04/04/2017 17:44:31]
C:\AdwCleaner\AdwCleaner[C5].txt - [1768 Bytes] - [05/04/2017 09:12:13]
C:\AdwCleaner\AdwCleaner[R0].txt - [7737 Bytes] - [11/12/2013 10:20:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [8008 Bytes] - [11/12/2013 10:22:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [2752 Bytes] - [30/03/2016 10:45:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [2565 Bytes] - [06/07/2016 19:17:29]
C:\AdwCleaner\AdwCleaner[S3].txt - [1605 Bytes] - [04/04/2017 09:58:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [1451 Bytes] - [04/04/2017 17:42:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [2344 Bytes] - [05/04/2017 09:09:15]
########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2352 Bytes] ##########
Co je to ?
Děkuji
# AdwCleaner v6.045 - Logfile created 05/04/2017 at 09:12:13
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Username : Andrea - ANDREA-PC
# Running from : C:\Users\Andrea\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
[-] Service deleted: DrvAgent32
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Andrea\AppData\Local\VirtualStore\Program Files\Free Offers from Freeze.com
***** [ Files ] *****
[-] File deleted: C:\Windows\system32\drivers\DrvAgent32.sys
[-] File deleted: C:\user.js
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: IHUninstallTrackingTASK
[-] Task deleted: ihuninstalltrackingtask
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6565F37-655B-4c9e-AA5F-0307AC976ED4}
[-] Key deleted: HKLM\SOFTWARE\Classes\OpcMp4.OpcMp4Player
[-] Key deleted: HKLM\SOFTWARE\Classes\OpcMp4.OpcMp4Player.1
***** [ Web browsers ] *****
[-] [C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: arriva-vychodnicechy.cz
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2855 Bytes] - [30/03/2016 10:47:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [2281 Bytes] - [06/07/2016 19:18:55]
C:\AdwCleaner\AdwCleaner[C3].txt - [1797 Bytes] - [04/04/2017 10:01:55]
C:\AdwCleaner\AdwCleaner[C4].txt - [1635 Bytes] - [04/04/2017 17:44:31]
C:\AdwCleaner\AdwCleaner[C5].txt - [1768 Bytes] - [05/04/2017 09:12:13]
C:\AdwCleaner\AdwCleaner[R0].txt - [7737 Bytes] - [11/12/2013 10:20:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [8008 Bytes] - [11/12/2013 10:22:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [2752 Bytes] - [30/03/2016 10:45:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [2565 Bytes] - [06/07/2016 19:17:29]
C:\AdwCleaner\AdwCleaner[S3].txt - [1605 Bytes] - [04/04/2017 09:58:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [1451 Bytes] - [04/04/2017 17:42:52]
C:\AdwCleaner\AdwCleaner[S5].txt - [2344 Bytes] - [05/04/2017 09:09:15]
########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2352 Bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Andrea (administrator) on ANDREA-PC (06-04-2017 14:12:10)
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Farbar) C:\Users\Andrea\Desktop\FRST (2).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2009-01-19] (Sony Corporation)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WwwAccessConnectorUrlMonitor] => C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe [274944 2016-06-29] (MEDIAN s.r.o.)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-02-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Url Monitor.lnk [2015-09-01]
ShortcutTarget: Url Monitor.lnk -> C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe (MEDIAN s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5CDE5058-9E40-4DDC-828B-4E2609822D96}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8C900FA7-380C-46AA-AF30-5FEC3355B95F}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2008-10-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-10-05] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-02] (ArcSoft Inc.)
R2 AudioHubWwwAccessConnector; C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe [187392 2016-06-29] (MEDIAN s.r.o.) [File not signed]
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-04] (Google)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-08] (Sony Corporation) [File not signed]
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-20] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
S3 lgmdbus; C:\Windows\System32\DRIVERS\lgmdbus.sys [89600 2008-07-08] (MCCI Corporation)
S3 lgmdmdfl; C:\Windows\System32\DRIVERS\lgmdmdfl.sys [14976 2008-07-08] (MCCI Corporation)
S3 lgmdmdm; C:\Windows\System32\DRIVERS\lgmdmdm.sys [121344 2008-07-08] (MCCI Corporation)
S3 lgmdmgmt; C:\Windows\System32\DRIVERS\lgmdmgmt.sys [114944 2008-07-08] (MCCI Corporation)
S3 lgmdobex; C:\Windows\System32\DRIVERS\lgmdobex.sys [111232 2008-07-08] (MCCI Corporation)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 14:12 - 2017-04-06 14:13 - 00013871 _____ C:\Users\Andrea\Desktop\FRST.txt
2017-04-06 14:11 - 2017-04-06 14:11 - 00015327 _____ C:\Users\Andrea\Desktop\LM.bat
2017-04-05 19:42 - 2017-04-05 19:42 - 00093232 _____ C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 19:42 - 2017-04-05 19:42 - 00002042 _____ C:\Users\Andrea\Desktop\ulice.txt
2017-04-05 19:40 - 2017-04-05 19:40 - 00364216 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 10:38 - 2017-04-05 12:13 - 852641850 _____ C:\Users\Andrea\Desktop\Sladký-pták-mládí---Sweet-Bird-of-Youth-1962,-CZ-tit (1).avi
2017-04-05 10:05 - 2017-04-05 10:35 - 201818956 _____ C:\Users\Andrea\Downloads\Sladký-pták-mládí---Sweet-Bird-of-Youth-1962,-CZ-tit.avi
2017-04-05 09:07 - 2017-04-05 09:06 - 04089296 _____ C:\Users\Andrea\Desktop\adwcleaner_6.045.exe
2017-04-05 09:06 - 2017-04-05 09:06 - 04089296 _____ C:\Users\Andrea\Downloads\adwcleaner_6.045.exe
2017-04-04 20:48 - 2017-04-04 20:47 - 01766912 _____ (Farbar) C:\Users\Andrea\Desktop\FRST (2).exe
2017-04-04 20:47 - 2017-04-04 20:47 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (2).exe
2017-04-04 20:44 - 2017-04-04 20:44 - 00000000 ____D C:\Users\Andrea\Desktop\Nová složka (2)
2017-04-04 20:43 - 2017-04-04 20:43 - 02424832 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2017-04-04 20:29 - 2017-04-06 14:12 - 00000000 ____D C:\FRST
2017-04-04 20:28 - 2017-04-06 14:11 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2017-04-04 20:26 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe
2017-04-04 20:22 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Downloads\FRSTLauncher.exe
2017-04-04 20:20 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (1).exe
2017-04-04 13:04 - 2017-04-04 17:46 - 00000000 ____D C:\Users\Andrea\AppData\Local\ESET
2017-04-04 13:03 - 2017-04-04 13:04 - 06751872 _____ (ESET spol. s r.o.) C:\Users\Andrea\Downloads\esetonlinescanner_csy.exe
2017-04-04 11:04 - 2017-04-04 11:04 - 00055913 _____ C:\Users\Andrea\Documents\dl-voucher-dobrovsky-duben-2017.pdf
2017-04-04 10:06 - 2017-04-04 10:06 - 00000000 ____D C:\rsit
2017-03-28 09:42 - 2017-03-28 09:42 - 02148188 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09 (1).pdf
2017-03-28 09:40 - 2017-03-28 09:41 - 00682954 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09.pdf
2017-03-21 11:58 - 2017-03-21 14:59 - 1766320358 _____ C:\Users\Andrea\Desktop\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.) (1).avi
2017-03-21 11:11 - 2017-03-21 11:50 - 377888487 _____ C:\Users\Andrea\Downloads\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.).avi
2017-03-19 13:16 - 2017-03-19 13:17 - 07029472 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\Silverlight (2).exe
2017-03-16 21:15 - 2017-03-16 21:15 - 01136458 _____ C:\Users\Andrea\Documents\Elle.PDF
2017-03-16 21:13 - 2017-03-16 21:13 - 01136458 _____ C:\Users\Andrea\Downloads\387074.PDF
2017-03-09 13:39 - 2017-03-09 13:39 - 00017281 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx.zip
2017-03-09 13:39 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017 (1).xlsx
2017-03-09 13:38 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx
2017-03-09 12:14 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Documents\Posedlost.PDF
2017-03-09 12:13 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Downloads\626176 (1).PDF
2017-03-09 12:12 - 2017-03-09 12:12 - 00601213 _____ C:\Users\Andrea\Downloads\626176.PDF
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 13:52 - 2015-09-01 12:33 - 01586176 _____ C:\Windows\system32\tempResults.db
2017-04-06 13:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 13:51 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:51 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:36 - 2006-11-02 15:01 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-06 09:52 - 2009-03-09 20:09 - 03037236 _____ C:\Windows\system32\perfh005.dat
2017-04-06 09:52 - 2009-03-09 20:09 - 00993344 _____ C:\Windows\system32\perfc005.dat
2017-04-06 09:52 - 2006-11-02 12:33 - 00006606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-05 19:39 - 2013-12-11 10:19 - 00000000 ____D C:\AdwCleaner
2017-04-05 19:36 - 2011-02-08 12:50 - 00075776 _____ C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 10:07 - 2014-02-18 10:39 - 00000000 ____D C:\Program Files\trend micro
2017-03-27 12:56 - 2016-11-19 11:24 - 1431435272 _____ C:\Users\Andrea\Desktop\Kočka-na-rozpálené-plechové-střeše---Cat-on-a-Hot-Tin-Roof-1958,-CZ-tit.avi
2017-03-14 12:27 - 2013-03-25 09:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 12:27 - 2013-03-25 09:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 12:26 - 2011-01-28 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-12 11:17 - 2016-09-13 13:06 - 00006836 _____ C:\Users\Andrea\AppData\Local\d3d9caps.dat
==================== Files in the root of some directories =======
2011-11-21 13:45 - 2011-11-21 13:45 - 0000600 _____ () C:\Users\Andrea\AppData\Roaming\winscp.rnd
2011-02-24 12:47 - 2014-12-02 09:18 - 0001218 _____ () C:\Users\Andrea\AppData\Roaming\wklnhst.dat
2016-09-13 13:06 - 2017-03-12 11:17 - 0006836 _____ () C:\Users\Andrea\AppData\Local\d3d9caps.dat
2011-02-08 12:50 - 2017-04-05 19:36 - 0075776 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 20:28 - 2017-04-06 14:11 - 0029696 _____ () C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2011-02-04 18:44 - 2011-02-04 18:47 - 0000184 _____ () C:\Users\Andrea\AppData\Local\setup.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-06 13:58
==================== End of FRST.txt ============================
Ran by Andrea (administrator) on ANDREA-PC (06-04-2017 14:12:10)
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MEDIAN s.r.o.) C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Motive Communications, Inc.) C:\Program Files\Common Files\Motive\McciCMService.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Farbar) C:\Users\Andrea\Desktop\FRST (2).exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll [2009-01-19] (Sony Corporation)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WwwAccessConnectorUrlMonitor] => C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe [274944 2016-06-29] (MEDIAN s.r.o.)
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-02-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Url Monitor.lnk [2015-09-01]
ShortcutTarget: Url Monitor.lnk -> C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnectorUrlMonitor.exe (MEDIAN s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5CDE5058-9E40-4DDC-828B-4E2609822D96}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8C900FA7-380C-46AA-AF30-5FEC3355B95F}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-10] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2008-10-28] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-10-05] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (YouTube) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-02] (ArcSoft Inc.)
R2 AudioHubWwwAccessConnector; C:\Program Files\Median\WwwAccessConnector\AudioHUB.Processing.WwwAccessConnector.exe [187392 2016-06-29] (MEDIAN s.r.o.) [File not signed]
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [114688 2013-02-13] (Brio) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-04] (Google)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2007-10-15] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-08] (Sony Corporation) [File not signed]
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-01-20] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-01-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-20] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-25] (ArcSoft, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
S3 lgmdbus; C:\Windows\System32\DRIVERS\lgmdbus.sys [89600 2008-07-08] (MCCI Corporation)
S3 lgmdmdfl; C:\Windows\System32\DRIVERS\lgmdmdfl.sys [14976 2008-07-08] (MCCI Corporation)
S3 lgmdmdm; C:\Windows\System32\DRIVERS\lgmdmdm.sys [121344 2008-07-08] (MCCI Corporation)
S3 lgmdmgmt; C:\Windows\System32\DRIVERS\lgmdmgmt.sys [114944 2008-07-08] (MCCI Corporation)
S3 lgmdobex; C:\Windows\System32\DRIVERS\lgmdobex.sys [111232 2008-07-08] (MCCI Corporation)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-03-29] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 14:12 - 2017-04-06 14:13 - 00013871 _____ C:\Users\Andrea\Desktop\FRST.txt
2017-04-06 14:11 - 2017-04-06 14:11 - 00015327 _____ C:\Users\Andrea\Desktop\LM.bat
2017-04-05 19:42 - 2017-04-05 19:42 - 00093232 _____ C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-05 19:42 - 2017-04-05 19:42 - 00002042 _____ C:\Users\Andrea\Desktop\ulice.txt
2017-04-05 19:40 - 2017-04-05 19:40 - 00364216 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-05 10:38 - 2017-04-05 12:13 - 852641850 _____ C:\Users\Andrea\Desktop\Sladký-pták-mládí---Sweet-Bird-of-Youth-1962,-CZ-tit (1).avi
2017-04-05 10:05 - 2017-04-05 10:35 - 201818956 _____ C:\Users\Andrea\Downloads\Sladký-pták-mládí---Sweet-Bird-of-Youth-1962,-CZ-tit.avi
2017-04-05 09:07 - 2017-04-05 09:06 - 04089296 _____ C:\Users\Andrea\Desktop\adwcleaner_6.045.exe
2017-04-05 09:06 - 2017-04-05 09:06 - 04089296 _____ C:\Users\Andrea\Downloads\adwcleaner_6.045.exe
2017-04-04 20:48 - 2017-04-04 20:47 - 01766912 _____ (Farbar) C:\Users\Andrea\Desktop\FRST (2).exe
2017-04-04 20:47 - 2017-04-04 20:47 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (2).exe
2017-04-04 20:44 - 2017-04-04 20:44 - 00000000 ____D C:\Users\Andrea\Desktop\Nová složka (2)
2017-04-04 20:43 - 2017-04-04 20:43 - 02424832 _____ (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2017-04-04 20:29 - 2017-04-06 14:12 - 00000000 ____D C:\FRST
2017-04-04 20:28 - 2017-04-06 14:11 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2017-04-04 20:26 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe
2017-04-04 20:22 - 2017-04-04 20:26 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Downloads\FRSTLauncher.exe
2017-04-04 20:20 - 2017-04-04 20:21 - 01766912 _____ (Farbar) C:\Users\Andrea\Downloads\FRST (1).exe
2017-04-04 13:04 - 2017-04-04 17:46 - 00000000 ____D C:\Users\Andrea\AppData\Local\ESET
2017-04-04 13:03 - 2017-04-04 13:04 - 06751872 _____ (ESET spol. s r.o.) C:\Users\Andrea\Downloads\esetonlinescanner_csy.exe
2017-04-04 11:04 - 2017-04-04 11:04 - 00055913 _____ C:\Users\Andrea\Documents\dl-voucher-dobrovsky-duben-2017.pdf
2017-04-04 10:06 - 2017-04-04 10:06 - 00000000 ____D C:\rsit
2017-03-28 09:42 - 2017-03-28 09:42 - 02148188 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09 (1).pdf
2017-03-28 09:40 - 2017-03-28 09:41 - 00682954 _____ C:\Users\Andrea\Downloads\program_DivadlaKolin_2017_2017-03-27-15-09.pdf
2017-03-21 11:58 - 2017-03-21 14:59 - 1766320358 _____ C:\Users\Andrea\Desktop\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.) (1).avi
2017-03-21 11:11 - 2017-03-21 11:50 - 377888487 _____ C:\Users\Andrea\Downloads\ŠTVANICE-(1966,-eng,-tit.-cz-vlož.).avi
2017-03-19 13:16 - 2017-03-19 13:17 - 07029472 _____ (Microsoft Corporation) C:\Users\Andrea\Downloads\Silverlight (2).exe
2017-03-16 21:15 - 2017-03-16 21:15 - 01136458 _____ C:\Users\Andrea\Documents\Elle.PDF
2017-03-16 21:13 - 2017-03-16 21:13 - 01136458 _____ C:\Users\Andrea\Downloads\387074.PDF
2017-03-09 13:39 - 2017-03-09 13:39 - 00017281 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx.zip
2017-03-09 13:39 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017 (1).xlsx
2017-03-09 13:38 - 2017-03-09 13:39 - 00017075 _____ C:\Users\Andrea\Downloads\planovaci_kalendar_2017.xlsx
2017-03-09 12:14 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Documents\Posedlost.PDF
2017-03-09 12:13 - 2017-03-09 12:14 - 00601213 _____ C:\Users\Andrea\Downloads\626176 (1).PDF
2017-03-09 12:12 - 2017-03-09 12:12 - 00601213 _____ C:\Users\Andrea\Downloads\626176.PDF
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-06 13:52 - 2015-09-01 12:33 - 01586176 _____ C:\Windows\system32\tempResults.db
2017-04-06 13:51 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 13:51 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:51 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-06 13:36 - 2006-11-02 15:01 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-06 09:52 - 2009-03-09 20:09 - 03037236 _____ C:\Windows\system32\perfh005.dat
2017-04-06 09:52 - 2009-03-09 20:09 - 00993344 _____ C:\Windows\system32\perfc005.dat
2017-04-06 09:52 - 2006-11-02 12:33 - 00006606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-05 19:39 - 2013-12-11 10:19 - 00000000 ____D C:\AdwCleaner
2017-04-05 19:36 - 2011-02-08 12:50 - 00075776 _____ C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 10:07 - 2014-02-18 10:39 - 00000000 ____D C:\Program Files\trend micro
2017-03-27 12:56 - 2016-11-19 11:24 - 1431435272 _____ C:\Users\Andrea\Desktop\Kočka-na-rozpálené-plechové-střeše---Cat-on-a-Hot-Tin-Roof-1958,-CZ-tit.avi
2017-03-14 12:27 - 2013-03-25 09:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 12:27 - 2013-03-25 09:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 12:26 - 2011-01-28 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-12 11:17 - 2016-09-13 13:06 - 00006836 _____ C:\Users\Andrea\AppData\Local\d3d9caps.dat
==================== Files in the root of some directories =======
2011-11-21 13:45 - 2011-11-21 13:45 - 0000600 _____ () C:\Users\Andrea\AppData\Roaming\winscp.rnd
2011-02-24 12:47 - 2014-12-02 09:18 - 0001218 _____ () C:\Users\Andrea\AppData\Roaming\wklnhst.dat
2016-09-13 13:06 - 2017-03-12 11:17 - 0006836 _____ () C:\Users\Andrea\AppData\Local\d3d9caps.dat
2011-02-08 12:50 - 2017-04-05 19:36 - 0075776 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-04 20:28 - 2017-04-06 14:11 - 0029696 _____ () C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2011-02-04 18:44 - 2011-02-04 18:47 - 0000184 _____ () C:\Users\Andrea\AppData\Local\setup.log
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-06 13:58
==================== End of FRST.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
C:\Program Files\McAfee Security Scan
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Andrea (07-04-2017 09:06:59) Run:1
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
C:\Program Files\McAfee Security Scan
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
C:\Program Files\Google\Google Toolbar => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => key removed successfully.
"C:\Program Files\McAfee Security Scan" => not found.
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8386643 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 487412 B
Edge => 0 B
Chrome => 92861636 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 51546 B
LocalService => 180402201 B
NetworkService => 120644922 B
Andrea => 1580013 B
RecycleBin => 3102752 B
EmptyTemp: => 396.7 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:07:44 ====
Ran by Andrea (07-04-2017 09:06:59) Run:1
Running from C:\Users\Andrea\Desktop
Loaded Profiles: Andrea (Available Profiles: Andrea)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-229735995-3260258197-3374296045-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-02] (Google Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
C:\Program Files\McAfee Security Scan
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
EmptyTemp:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key removed successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found.
C:\Program Files\Google\Google Toolbar => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-229735995-3260258197-3374296045-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => key removed successfully.
"C:\Program Files\McAfee Security Scan" => not found.
C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8386643 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 487412 B
Edge => 0 B
Chrome => 92861636 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 51546 B
LocalService => 180402201 B
NetworkService => 120644922 B
Andrea => 1580013 B
RecycleBin => 3102752 B
EmptyTemp: => 396.7 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:07:44 ====
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Smazáno. PC by již měl být čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Super, a Telefony, tablety taky ,,uklizite'' ? Dekuji moc ! !
!-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Zatím ne. Nemáme tu odborníka na jiné oper. systémy, nežli Windows.agata píše:Super, a Telefony, tablety taky ,,uklizite'' ? Dekuji moc !
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
A nevíte na koho se obrátit ? Děkuji !
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Lituji, ale nevím. Linux má své fórum, ale jestli i ty ostatní OS, nevím. Zkuste Google.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Otevřel jsem asi zavirovanou přílohu v emailu.
Dobry den,
dnes mi PC zkolabovalo
Po spusteni se sam restartuje a objevi se modra obrazovka, pak se spusti a porad dokola... Dekuji
dnes mi PC zkolabovalo
Po spusteni se sam restartuje a objevi se modra obrazovka, pak se spusti a porad dokola... Dekuji
Přispějete na provoz fóra?