Laptop check, homepage redirection, etc.

#1 Post by Brawler »

Hello, a friend brought me a laptop, saying it is slow and does whatever it wants. After a while I at least managed to connect it to the network and download everything needed to produce the log. I'd really appreciate it if you could go through it and wipe out the malware; there will probably be heaps of it here.
Thanks a lot!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017
Ran by Justyn (administrator) on PC-LILI (12-06-2017 15:40:47)
Running from C:\Users\Justyn\Desktop
Loaded Profiles: Justyn (Available Profiles: Justyn)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SODATSW spol. s .r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
() C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SODATSW spol. s r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Button.exe
(SODATSW spol. s r. o.) C:\Program Files (x86)\StartW8\bin\StartW8Menu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
() C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Users\Justyn\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Justyn\AppData\Local\Temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Users\Justyn\AppData\Local\Temp\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Users\Justyn\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe
(forum.viry.cz) C:\Users\Justyn\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartW8Button] => C:\Program Files (x86)\StartW8\bin\StartW8Button.exe [59752 2014-12-15] (SODATSW spol. s r.o.)
HKU\S-1-5-21-3831987021-1878366243-36960002-1001\...\Run: [background_fault] => "C:\Users\Justyn\AppData\Local\background_fault\aswRD.exe" "C:\Users\Justyn\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.197.152.132 217.197.144.22
Tcpip\..\Interfaces\{C2B89B16-654E-414A-BBEA-41ED9D75DDF2}: [DhcpNameServer] 217.197.152.132 217.197.144.22

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130980600304516098&GUID=4DB39B01-54F4-43AF-B1E8-5AC25F5EFE74
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {89B91A4E-F7B1-4FF6-A92E-3BDAEDCB9492} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3831987021-1878366243-36960002-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3831987021-1878366243-36960002-1001 -> {89B91A4E-F7B1-4FF6-A92E-3BDAEDCB9492} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: uybexp8f.default
FF ProfilePath: C:\Users\Justyn\AppData\Roaming\Mozilla\Firefox\Profiles\uybexp8f.default [2017-06-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\uybexp8f.default -> luck
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\uybexp8f.default -> luck
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\uybexp8f.default -> luck
FF Homepage: Mozilla\Firefox\Profiles\uybexp8f.default -> www.seznam.cz
FF Extension: (Firefox Hotfix) - C:\Users\Justyn\AppData\Roaming\Mozilla\Firefox\Profiles\uybexp8f.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-05-26]
FF ProfilePath: C:\Users\Justyn\AppData\Roaming\Firefox\Firefox\Profiles\uybexp8f.default [2017-05-26]
FF DefaultSearchEngine: Firefox\Firefox\Profiles\uybexp8f.default -> nice
FF SelectedSearchEngine: Firefox\Firefox\Profiles\uybexp8f.default -> nice
FF Homepage: Firefox\Firefox\Profiles\uybexp8f.default -> www.seznam.cz
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Justyn\AppData\Roaming\Firefox\Firefox\Profiles\uybexp8f.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-05-26]
FF SearchPlugin: C:\Users\Justyn\AppData\Roaming\Firefox\Firefox\Profiles\uybexp8f.default\searchplugins\so-v.xml [2016-04-18]
FF SearchPlugin: C:\Users\Justyn\AppData\Roaming\Firefox\Firefox\Profiles\uybexp8f.default\searchplugins\yoursites123.xml [2016-03-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default [2016-10-23]
CHR Extension: (Prezentace Google) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-16]
CHR Extension: (Dokumenty Google) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18]
CHR Extension: (Disk Google) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18]
CHR Extension: (YouTube) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-16]
CHR Extension: (Gmail) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]
CHR HKU\S-1-5-21-3831987021-1878366243-36960002-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-3831987021-1878366243-36960002-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Setleaf\Application\chrome.exe (Google Inc.) <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]
R2 EOF; C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe [2981888 2016-08-23] () [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MSLN; C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll [501248 2017-01-18] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)
R2 StartW8Service; C:\Program Files (x86)\StartW8\bin\StartW8Service.exe [620392 2014-12-15] (SODATSW spol. s .r.o.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-09-17] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-10-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-10-28] (Microsoft Corporation)
S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== ATTENTION
S2 ceQeekg_protect; "C:\ProgramData\ceQeekg\protect\protect.exe" [X]
S2 ceQeekg_update; "C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe" [X]
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
S2 snare; C:\Users\Justyn\AppData\Local\snare\Snare.dll [X] <==== ATTENTION
S2 vreXjvX_protect; "C:\ProgramData\vreXjvX\protect\protect.exe" [X]
S2 vreXjvX_update; "C:\Program Files (x86)\vreXjvX\vreXjvX\bin\vreXjvX_server.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-20] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [32496 2014-09-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-09-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-10-28] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-10-28] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-10-28] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2014-03-18] (Microsoft Corporation)
R1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
R0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-12 15:40 - 2017-06-12 15:41 - 00017441 _____ C:\Users\Justyn\Desktop\FRST.txt
2017-06-12 15:40 - 2017-06-12 15:40 - 00000000 ____D C:\FRST
2017-06-12 15:39 - 2017-06-12 15:39 - 00112640 _____ (forum.viry.cz) C:\Users\Justyn\Desktop\FRSTLauncher.exe
2017-06-12 15:36 - 2017-06-12 15:36 - 02438656 _____ (Farbar) C:\Users\Justyn\Desktop\FRST64.exe
2017-06-12 15:33 - 2017-06-12 15:33 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\TeamViewer
2017-06-12 15:32 - 2017-06-12 15:33 - 12024848 _____ (TeamViewer) C:\Users\Justyn\Desktop\TeamViewerQS.exe
2017-06-06 20:58 - 2017-06-07 14:59 - 983089688 _____ C:\Users\Justyn\Desktop\Suburra.2015.CZ.dabing.avi
2017-06-05 22:14 - 2017-06-05 22:14 - 00000000 ____D C:\Users\Justyn\AppData\Local\GHISLER
2017-05-25 18:01 - 2017-05-25 18:06 - 00000000 ____D C:\Program Files (x86)\5926FFD2tmp
2017-05-24 20:21 - 2017-05-24 20:21 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-24 20:21 - 2017-05-24 20:21 - 00000000 ____D C:\Program Files (x86)\Setleaf
2017-05-24 20:21 - 2017-05-24 20:21 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-24 20:20 - 2017-05-24 20:20 - 00000042 _____ C:\Windows\SysWOW64\GZ
2017-05-22 22:04 - 2017-05-22 22:13 - 00000000 ____D C:\Program Files (x86)\59234467tmp
2017-05-20 19:50 - 2017-05-20 19:50 - 00000000 ____D C:\Users\Justyn\AppData\Local\Macromedia
2017-05-19 11:50 - 2017-05-19 11:56 - 00000000 ____D C:\Program Files (x86)\591EBFE6tmp
2017-05-19 11:49 - 2017-06-12 15:16 - 00000000 ____D C:\Users\Justyn\Documents\Youcam
2017-05-19 11:46 - 2017-05-19 11:46 - 00000000 ____D C:\Users\Public\Documents\vreXjvX
2017-05-19 11:45 - 2017-05-26 20:44 - 00000000 ____D C:\Users\Justyn\AppData\LocalLow\Mozilla
2017-05-19 11:44 - 2017-05-19 11:44 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\Synaptics
2017-05-19 11:44 - 2017-05-19 11:44 - 00000000 ____D C:\Users\Justyn\AppData\Local\VirtualStore
2017-05-19 11:44 - 2017-05-19 11:44 - 00000000 ____D C:\Users\Justyn\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-12 15:35 - 2015-10-26 16:40 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3831987021-1878366243-36960002-1001
2017-06-12 15:28 - 2016-08-23 09:25 - 00000000 ____D C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f
2017-06-12 15:11 - 2016-09-06 16:47 - 00000476 _____ C:\Users\Public\Documents\temp.dat
2017-06-12 15:10 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-12 15:09 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-06-12 15:06 - 2016-11-11 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-11 22:23 - 2015-10-26 16:56 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8509869C-5BA8-4B35-B282-7EA43BE45921}
2017-06-11 13:47 - 2015-10-27 17:15 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\vlc
2017-06-10 22:14 - 2015-11-25 11:37 - 00000000 ____D C:\Users\Justyn\AppData\Local\CrashDumps
2017-06-07 14:59 - 2015-11-29 00:29 - 00966144 ___SH C:\Users\Justyn\Desktop\Thumbs.db
2017-06-06 22:05 - 2015-10-27 17:09 - 00000000 ____D C:\Users\Justyn\Desktop\Filmy
2017-06-05 22:07 - 2014-10-28 12:00 - 00768392 _____ C:\Windows\system32\perfh005.dat
2017-06-05 22:07 - 2014-10-28 12:00 - 00166490 _____ C:\Windows\system32\perfc005.dat
2017-06-05 22:07 - 2014-03-18 11:53 - 01883040 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-26 22:56 - 2017-04-07 12:27 - 00000000 ____D C:\Users\Justyn\AppData\Local\AMD
2017-05-26 22:56 - 2017-03-01 19:06 - 00000000 ____D C:\Program Files (x86)\Explorer
2017-05-26 22:56 - 2016-07-25 14:05 - 00000000 ____D C:\Program Files (x86)\WinZipper
2017-05-26 22:56 - 2016-04-08 13:16 - 00000000 ____D C:\Program Files (x86)\qksee
2017-05-26 22:49 - 2017-03-01 19:06 - 00001888 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2017-05-26 22:49 - 2016-04-29 22:31 - 00002298 _____ C:\Users\Justyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-26 22:49 - 2015-10-27 17:11 - 00002007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-26 22:49 - 2015-10-26 16:34 - 00002388 _____ C:\Users\Justyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-26 22:46 - 2017-02-07 17:46 - 00000000 ____D C:\Users\Justyn\AppData\Local\3
2017-05-26 22:46 - 2017-02-07 15:45 - 00000000 ____D C:\Users\Justyn\AppData\Local\1
2017-05-26 21:55 - 2016-08-23 09:24 - 00000000 ____D C:\Program Files (x86)\_SSpm
2017-05-26 21:53 - 2016-08-18 11:10 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\setup1
2017-05-26 21:10 - 2017-04-26 16:07 - 00000000 ____D C:\Users\Justyn\AppData\Local\background_fault
2017-05-26 20:41 - 2017-04-20 22:48 - 00000000 _____ C:\Windows\SysWOW64\4
2017-05-26 20:39 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-26 20:25 - 2016-06-07 14:02 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-26 20:10 - 2015-10-26 16:34 - 00000000 ____D C:\Users\Justyn
2017-05-26 19:53 - 2017-05-09 18:25 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-26 19:53 - 2017-03-14 12:18 - 00000000 ____D C:\Program Files (x86)\n1
2017-05-24 20:21 - 2017-01-18 22:09 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-19 11:45 - 2015-10-27 17:11 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\Mozilla
2017-05-19 11:44 - 2015-10-26 16:34 - 00000000 ____D C:\Users\Justyn\AppData\Local\NVIDIA Corporation
2017-05-19 11:42 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-18 23:24 - 2017-04-20 23:00 - 00000000 _____ C:\Windows\SysWOW64\22
2017-05-17 22:55 - 2017-05-11 22:16 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-17 22:55 - 2017-05-11 22:16 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-17 22:55 - 2017-05-02 14:23 - 00000000 _____ C:\Windows\SysWOW64\11
2017-05-17 22:55 - 2017-04-27 15:46 - 00000000 _____ C:\Windows\SysWOW64\1111111

==================== Files in the root of some directories =======

2017-01-20 11:54 - 2017-01-20 11:54 - 0000000 _____ () C:\Program Files (x86)\metadata
2017-01-20 11:54 - 2017-03-21 14:16 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2015-10-27 17:17 - 2016-03-17 15:47 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:
====================
2015-11-23 10:34 - 2015-11-23 10:34 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Justyn\AppData\Local\Temp\COMAP.EXE
2016-09-19 09:41 - 2016-09-19 09:41 - 20466368 _____ (Adobe Systems Incorporated) C:\Users\Justyn\AppData\Local\Temp\download-1474270910553-247728.exe
2016-09-19 09:42 - 2016-09-19 09:42 - 20466368 _____ (Adobe Systems Incorporated) C:\Users\Justyn\AppData\Local\Temp\download-1474270957697-110173.exe
2015-10-25 11:27 - 2015-10-25 11:27 - 0964259 _____ (Software Installer ) C:\Users\Justyn\AppData\Local\Temp\ICSW1.14_0S2Z1T1C2Z2Wzz1.14.exe
2016-06-29 12:12 - 2016-06-29 12:12 - 0352768 _____ () C:\Users\Justyn\AppData\Local\Temp\inject.dll
2015-06-04 12:45 - 2015-06-04 12:45 - 0119312 _____ (McAfee, Inc.) C:\Users\Justyn\AppData\Local\Temp\McCSPInstall.dll
2015-10-27 17:06 - 2015-06-04 12:45 - 0161528 _____ (McAfee Inc.) C:\Users\Justyn\AppData\Local\Temp\mccspuninstall.exe
2016-06-28 15:11 - 2016-06-28 15:11 - 30533688 _____ () C:\Users\Justyn\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-12-16 12:18 - 2016-12-16 12:18 - 0778752 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct1352.tmp.dll
2016-12-22 10:44 - 2016-12-22 10:44 - 0785408 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct1E47.tmp.dll
2016-12-27 23:49 - 2016-12-27 23:49 - 0788480 _____ () C:\Users\Justyn\AppData\Local\Temp\~ct23A.tmp.dll
2016-12-23 16:44 - 2016-12-23 16:44 - 0792064 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct4893.tmp.dll
2016-12-28 21:51 - 2016-12-28 21:51 - 0792064 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct601C.tmp.dll
2016-12-31 10:55 - 2016-12-31 10:55 - 0461824 _____ () C:\Users\Justyn\AppData\Local\Temp\~ct933.tmp.dll
2016-12-29 15:41 - 2016-12-29 15:41 - 0788480 _____ () C:\Users\Justyn\AppData\Local\Temp\~ctAEDE.tmp.dll
2017-01-05 18:26 - 2017-01-05 18:26 - 0361472 _____ (update) C:\Users\Justyn\AppData\Local\Temp\~ctC0E7.tmp.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Justyn\Desktop" je 198984 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (removal).
A scan will run and then a log will appear; paste it here.

#3 Post by Brawler »

# AdwCleaner v6.047 - Log vytvořen 12/06/2017 v 16:53:47
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-06-10.1 [Místní]
# Operační systém : Windows 8.1 (X64)
# Uživatelské jméno : Justyn - PC-LILI
# Spuštěno z : C:\Users\Justyn\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Justyn\AppData\Local\Firefox
[-] Složka smazána: C:\ProgramData\BIT


***** [ Soubory ] *****

[-] Soubor smazán: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán: C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[#] Soubor smazán: C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] Soubor smazán: C:\Users\Justyn\AppData\Local\Temp\BigFarm.lnk
[-] Soubor smazán: C:\Users\Justyn\AppData\Local\Temp\big_bang_empire.lnk
[-] Soubor smazán: C:\Program Files (x86)\settings.dat
[-] Soubor smazán: C:\Users\Public\Documents\cfg.ini
[-] Soubor smazán: C:\Users\Public\Documents\cc.ini
[-] Soubor smazán: C:\Users\Public\Documents\temp.dat
[-] Soubor smazán: C:\Users\Public\Documents\report.dat
[-] Soubor smazán: C:\Users\Justyn\AppData\Roaming\Mozilla\Firefox\Profiles\uybexp8f.default\invalidprefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Klíč smazán po restartu: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[#] Klíč smazán po restartu: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[-] Klíč smazán: HKU\S-1-5-21-3831987021-1878366243-36960002-1001\Software\Classes\vreXjvXHTM
[#] Klíč smazán po restartu: HKCU\Software\Classes\vreXjvXHTM
[-] Klíč smazán: HKLM\SOFTWARE\Classes\qkseeViewer.jpeg
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\vreXjvXHTM
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\qkseeViewer.jpeg
[-] Klíč smazán: HKU\S-1-5-21-3831987021-1878366243-36960002-1001\Software\Mozilla\Extends
[-] Klíč smazán: HKU\S-1-5-21-3831987021-1878366243-36960002-1001\Software\PRODUCTSETUP
[-] Klíč smazán: HKU\S-1-5-21-3831987021-1878366243-36960002-1001\Software\deskapp
[-] Klíč smazán: HKU\S-1-5-21-3831987021-1878366243-36960002-1001\Software\Everness
[#] Klíč smazán po restartu: HKCU\Software\Mozilla\Extends
[#] Klíč smazán po restartu: HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: HKCU\Software\deskapp
[#] Klíč smazán po restartu: HKCU\Software\Everness
[-] Klíč smazán: HKLM\SOFTWARE\FFPluginHp
[-] Klíč smazán: HKLM\SOFTWARE\hdcode
[-] Klíč smazán: HKLM\SOFTWARE\istartsurfSoftware
[-] Klíč smazán: HKLM\SOFTWARE\TSv
[-] Klíč smazán: HKLM\SOFTWARE\WdsManPro
[-] Klíč smazán: HKLM\SOFTWARE\yoursites123Software
[-] Klíč smazán: HKLM\SOFTWARE\qkseeSvc
[-] Klíč smazán: HKLM\SOFTWARE\qksee
[-] Klíč smazán: HKLM\SOFTWARE\vreXjvX
[-] Klíč smazán: HKLM\SOFTWARE\ScreenShot
[-] Klíč smazán: HKLM\SOFTWARE\WinZiper
[-] Klíč smazán: HKLM\SOFTWARE\WinSaberSvc
[-] Klíč smazán: HKLM\SOFTWARE\InterHop
[-] Klíč smazán: HKLM\SOFTWARE\WinArcher
[-] Klíč smazán: HKLM\SOFTWARE\amule-custom
[-] Klíč smazán: HKLM\SOFTWARE\UvConverter
[-] Klíč smazán: HKLM\SOFTWARE\UvConv
[-] Klíč smazán: HKLM\SOFTWARE\startpageing123Software
[-] Klíč smazán: HKLM\SOFTWARE\ourluckysitesSoftware
[-] Klíč smazán: HKLM\SOFTWARE\Everness
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
[#] Klíč smazán po restartu: [x64] HKCU\Software\Mozilla\Extends
[#] Klíč smazán po restartu: [x64] HKCU\Software\PRODUCTSETUP
[#] Klíč smazán po restartu: [x64] HKCU\Software\deskapp
[#] Klíč smazán po restartu: [x64] HKCU\Software\Everness
[-] Klíč smazán: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C767D9D7BB3F9C4B839FF09B6C80DCF
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EE2F0310EBEC29A0C48C035C43786AA
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2A47D6F1D42DD81A292C027724D291
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29993591C160B8E40935701B5703A34F
[-] Klíč smazán: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
[-] Hodnota smazána: HKU\S-1-5-21-3831987021-1878366243-36960002-1001\Software\Microsoft\Windows\CurrentVersion\Run [background_fault]
[#] Hodnota smazána po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [background_fault]
[#] Hodnota smazána po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [background_fault]
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Klíč smazán: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubedZLGroupEx]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [GubZLGroEx]
[-] Klíč smazán: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [3DM]
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
[-] Firefox předvolby vyčištěny: "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type= ... earchTerms}"


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9948 Bajty] - [12/06/2017 16:53:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [12046 Bajty] - [12/06/2017 16:14:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [10652 Bajty] - [12/06/2017 16:17:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [9866 Bajty] - [12/06/2017 16:32:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10242 Bajty] ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: notebook check, homepage redirection, etc.

#4 Post by Rudy »

Post a new FRST log.

Brawler
Visitor
Posts: 102
Registered: 10 May 2010 10:12

Re: notebook check, homepage redirection, etc.

#5 Post by Brawler »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
Ran by Justyn (administrator) on PC-LILI (13-06-2017 09:06:57)
Running from C:\Users\Justyn\Desktop
Loaded Profiles: Justyn (Available Profiles: Justyn)
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SODATSW spol. s .r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
() C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SODATSW spol. s r.o.) C:\Program Files (x86)\StartW8\bin\StartW8Button.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SODATSW spol. s r. o.) C:\Program Files (x86)\StartW8\bin\StartW8Menu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Justyn\Desktop\FRST-OlderVersion\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-09-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartW8Button] => C:\Program Files (x86)\StartW8\bin\StartW8Button.exe [59752 2014-12-15] (SODATSW spol. s r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.197.152.132 217.197.144.22
Tcpip\..\Interfaces\{C2B89B16-654E-414A-BBEA-41ED9D75DDF2}: [DhcpNameServer] 217.197.152.132 217.197.144.22

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130980600304516098&GUID=4DB39B01-54F4-43AF-B1E8-5AC25F5EFE74
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {89B91A4E-F7B1-4FF6-A92E-3BDAEDCB9492} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3831987021-1878366243-36960002-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3831987021-1878366243-36960002-1001 -> {89B91A4E-F7B1-4FF6-A92E-3BDAEDCB9492} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: uybexp8f.default
FF ProfilePath: C:\Users\Justyn\AppData\Roaming\Mozilla\Firefox\Profiles\uybexp8f.default [2017-06-12]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\uybexp8f.default -> luck
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\uybexp8f.default -> luck
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\uybexp8f.default -> luck
FF Homepage: Mozilla\Firefox\Profiles\uybexp8f.default -> www.seznam.cz
FF Extension: (Firefox Hotfix) - C:\Users\Justyn\AppData\Roaming\Mozilla\Firefox\Profiles\uybexp8f.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-05-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default [2016-10-23]
CHR Extension: (Prezentace Google) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-16]
CHR Extension: (Dokumenty Google) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-18]
CHR Extension: (Disk Google) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-18]
CHR Extension: (YouTube) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-16]
CHR Extension: (Gmail) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-18]
CHR Extension: (Chrome Media Router) - C:\Users\Justyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]
CHR HKU\S-1-5-21-3831987021-1878366243-36960002-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]
R2 EOF; C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe [2981888 2016-08-23] () [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-09] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)
R2 StartW8Service; C:\Program Files (x86)\StartW8\bin\StartW8Service.exe [620392 2014-12-15] (SODATSW spol. s .r.o.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-09-17] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-10-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-10-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-20] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [32496 2014-09-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-09-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-10-28] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-10-28] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-10-28] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [268288 2014-03-18] (Microsoft Corporation)
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 09:06 - 2017-06-13 09:07 - 00015275 _____ C:\Users\Justyn\Desktop\FRST.txt
2017-06-13 09:06 - 2017-06-13 09:06 - 00000000 ____D C:\Users\Justyn\Desktop\FRST-OlderVersion
2017-06-12 16:12 - 2017-06-12 16:53 - 00000000 ____D C:\AdwCleaner
2017-06-12 16:11 - 2017-06-12 16:11 - 04110280 _____ C:\Users\Justyn\Desktop\adwcleaner_6.047.exe
2017-06-12 15:40 - 2017-06-13 09:06 - 00000000 ____D C:\FRST
2017-06-12 15:36 - 2017-06-13 09:06 - 02438656 _____ (Farbar) C:\Users\Justyn\Desktop\FRST64.exe
2017-06-12 15:33 - 2017-06-12 15:33 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\TeamViewer
2017-06-12 15:32 - 2017-06-12 15:33 - 12024848 _____ (TeamViewer) C:\Users\Justyn\Desktop\TeamViewerQS.exe
2017-06-06 20:58 - 2017-06-07 14:59 - 983089688 _____ C:\Users\Justyn\Desktop\Suburra.2015.CZ.dabing.avi
2017-06-05 22:14 - 2017-06-05 22:14 - 00000000 ____D C:\Users\Justyn\AppData\Local\GHISLER
2017-05-25 18:01 - 2017-05-25 18:06 - 00000000 ____D C:\Program Files (x86)\5926FFD2tmp
2017-05-24 20:21 - 2017-05-24 20:21 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-24 20:20 - 2017-05-24 20:20 - 00000042 _____ C:\Windows\SysWOW64\GZ
2017-05-22 22:04 - 2017-05-22 22:13 - 00000000 ____D C:\Program Files (x86)\59234467tmp
2017-05-20 19:50 - 2017-05-20 19:50 - 00000000 ____D C:\Users\Justyn\AppData\Local\Macromedia
2017-05-19 11:50 - 2017-05-19 11:56 - 00000000 ____D C:\Program Files (x86)\591EBFE6tmp
2017-05-19 11:49 - 2017-06-13 07:28 - 00000000 ____D C:\Users\Justyn\Documents\Youcam
2017-05-19 11:45 - 2017-05-26 20:44 - 00000000 ____D C:\Users\Justyn\AppData\LocalLow\Mozilla
2017-05-19 11:44 - 2017-05-19 11:44 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\Synaptics
2017-05-19 11:44 - 2017-05-19 11:44 - 00000000 ____D C:\Users\Justyn\AppData\Local\VirtualStore
2017-05-19 11:44 - 2017-05-19 11:44 - 00000000 ____D C:\Users\Justyn\AppData\Local\CEF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 07:32 - 2015-10-26 16:56 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8509869C-5BA8-4B35-B282-7EA43BE45921}
2017-06-13 07:24 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 07:24 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-12 16:52 - 2016-03-23 22:36 - 00000000 ____D C:\Windows\system32\log
2017-06-12 16:15 - 2016-08-23 09:25 - 00000000 ____D C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f
2017-06-12 16:15 - 2015-11-25 11:37 - 00000000 ____D C:\Users\Justyn\AppData\Local\CrashDumps
2017-06-12 15:53 - 2015-10-26 16:40 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3831987021-1878366243-36960002-1001
2017-06-12 15:09 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-06-12 15:06 - 2016-11-11 09:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-11 13:47 - 2015-10-27 17:15 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\vlc
2017-06-07 14:59 - 2015-11-29 00:29 - 00966144 ___SH C:\Users\Justyn\Desktop\Thumbs.db
2017-06-06 22:05 - 2015-10-27 17:09 - 00000000 ____D C:\Users\Justyn\Desktop\Filmy
2017-06-05 22:07 - 2014-10-28 12:00 - 00768392 _____ C:\Windows\system32\perfh005.dat
2017-06-05 22:07 - 2014-10-28 12:00 - 00166490 _____ C:\Windows\system32\perfc005.dat
2017-06-05 22:07 - 2014-03-18 11:53 - 01883040 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-26 22:56 - 2017-04-07 12:27 - 00000000 ____D C:\Users\Justyn\AppData\Local\AMD
2017-05-26 22:49 - 2017-03-01 19:06 - 00001888 _____ C:\Users\Public\Desktop\Internet Explorer.lnk
2017-05-26 22:49 - 2016-04-29 22:31 - 00002298 _____ C:\Users\Justyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-26 22:49 - 2015-10-27 17:11 - 00002007 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-26 22:49 - 2015-10-26 16:34 - 00002388 _____ C:\Users\Justyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-26 22:46 - 2017-02-07 17:46 - 00000000 ____D C:\Users\Justyn\AppData\Local\3
2017-05-26 22:46 - 2017-02-07 15:45 - 00000000 ____D C:\Users\Justyn\AppData\Local\1
2017-05-26 21:53 - 2016-08-18 11:10 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\setup1
2017-05-26 20:41 - 2017-04-20 22:48 - 00000000 _____ C:\Windows\SysWOW64\4
2017-05-26 20:10 - 2015-10-26 16:34 - 00000000 ____D C:\Users\Justyn
2017-05-26 19:53 - 2017-05-09 18:25 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-26 19:53 - 2017-03-14 12:18 - 00000000 ____D C:\Program Files (x86)\n1
2017-05-24 20:21 - 2017-01-18 22:09 - 00002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-19 11:45 - 2015-10-27 17:11 - 00000000 ____D C:\Users\Justyn\AppData\Roaming\Mozilla
2017-05-19 11:44 - 2015-10-26 16:34 - 00000000 ____D C:\Users\Justyn\AppData\Local\NVIDIA Corporation
2017-05-19 11:42 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-18 23:24 - 2017-04-20 23:00 - 00000000 _____ C:\Windows\SysWOW64\22
2017-05-17 22:55 - 2017-05-11 22:16 - 00000000 _____ C:\Windows\SysWOW64\3333333
2017-05-17 22:55 - 2017-05-11 22:16 - 00000000 _____ C:\Windows\SysWOW64\00
2017-05-17 22:55 - 2017-05-02 14:23 - 00000000 _____ C:\Windows\SysWOW64\11
2017-05-17 22:55 - 2017-04-27 15:46 - 00000000 _____ C:\Windows\SysWOW64\1111111

==================== Files in the root of some directories =======

2017-01-20 11:54 - 2017-01-20 11:54 - 0000000 _____ () C:\Program Files (x86)\metadata

Some files in TEMP:
====================
2015-11-23 10:34 - 2015-11-23 10:34 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\Justyn\AppData\Local\Temp\COMAP.EXE
2016-09-19 09:41 - 2016-09-19 09:41 - 20466368 _____ (Adobe Systems Incorporated) C:\Users\Justyn\AppData\Local\Temp\download-1474270910553-247728.exe
2016-09-19 09:42 - 2016-09-19 09:42 - 20466368 _____ (Adobe Systems Incorporated) C:\Users\Justyn\AppData\Local\Temp\download-1474270957697-110173.exe
2015-10-25 11:27 - 2015-10-25 11:27 - 0964259 _____ (Software Installer ) C:\Users\Justyn\AppData\Local\Temp\ICSW1.14_0S2Z1T1C2Z2Wzz1.14.exe
2016-06-29 12:12 - 2016-06-29 12:12 - 0352768 _____ () C:\Users\Justyn\AppData\Local\Temp\inject.dll
2015-06-04 12:45 - 2015-06-04 12:45 - 0119312 _____ (McAfee, Inc.) C:\Users\Justyn\AppData\Local\Temp\McCSPInstall.dll
2015-10-27 17:06 - 2015-06-04 12:45 - 0161528 _____ (McAfee Inc.) C:\Users\Justyn\AppData\Local\Temp\mccspuninstall.exe
2016-06-28 15:11 - 2016-06-28 15:11 - 30533688 _____ () C:\Users\Justyn\AppData\Local\Temp\vlc-2.2.4-win32.exe
2016-12-16 12:18 - 2016-12-16 12:18 - 0778752 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct1352.tmp.dll
2016-12-22 10:44 - 2016-12-22 10:44 - 0785408 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct1E47.tmp.dll
2016-12-27 23:49 - 2016-12-27 23:49 - 0788480 _____ () C:\Users\Justyn\AppData\Local\Temp\~ct23A.tmp.dll
2016-12-23 16:44 - 2016-12-23 16:44 - 0792064 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct4893.tmp.dll
2016-12-28 21:51 - 2016-12-28 21:51 - 0792064 _____ (Fun Dw) C:\Users\Justyn\AppData\Local\Temp\~ct601C.tmp.dll
2016-12-31 10:55 - 2016-12-31 10:55 - 0461824 _____ () C:\Users\Justyn\AppData\Local\Temp\~ct933.tmp.dll
2016-12-29 15:41 - 2016-12-29 15:41 - 0788480 _____ () C:\Users\Justyn\AppData\Local\Temp\~ctAEDE.tmp.dll
2017-01-05 18:26 - 2017-01-05 18:26 - 0361472 _____ (update) C:\Users\Justyn\AppData\Local\Temp\~ctC0E7.tmp.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-08 11:45

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (WINDOWS) (Fixed) (Total:909.28 GB) (Free:645.88 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.21 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from drive)]

Available physical RAM: 6264.73 MB
Total physical RAM: 8078.27 MB
Percentage of memory in use: 22%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 9B9D0EB4)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Justyn\Desktop" je 198990 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook check, homepage redirect, etc.

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3831987021-1878366243-36960002-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
C:\Program Files (x86)\59234467tmp
C:\Program Files (x86)\5926FFD2tmp
C:\Program Files (x86)\591EBFE6tmp
C:\Windows\SysWOW64\22
C:\Windows\SysWOW64\3333333
C:\Windows\SysWOW64\00
C:\Windows\SysWOW64\11
C:\Windows\SysWOW64\1111111
C:\Users\Justyn\AppData\Local\Temp

EmptyTemp:
End
Save it to C:\Users\4 yrs worth of savin\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\Justyn\Desktop" je 198990 MB.
That is too much and may slow down system startup. Create a new folder in C:\Users\Justyn and move all data from the desktop into it (except shortcuts). Then put a shortcut to that folder on the desktop for easier access.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Brawler
Visitor
Posts: 102
Registered: 10 May 2010 10:12

Re: Notebook check, homepage redirect, etc.

#7 Post by Brawler »

Save it to C:\Users\4 yrs worth of savin\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Is this path really the right one, please? For now I saved it to the desktop right next to FRST ...

Brawler
Visitor
Posts: 102
Registered: 10 May 2010 10:12

Re: Notebook check, homepage redirect, etc.

#8 Post by Brawler »

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by Justyn (13-06-2017 09:29:16) Run:1
Running from C:\Users\Justyn\Desktop
Loaded Profiles: Justyn (Available Profiles: Justyn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3831987021-1878366243-36960002-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
C:\Program Files (x86)\59234467tmp
C:\Program Files (x86)\5926FFD2tmp
C:\Program Files (x86)\591EBFE6tmp
C:\Windows\SysWOW64\22
C:\Windows\SysWOW64\3333333
C:\Windows\SysWOW64\00
C:\Windows\SysWOW64\11
C:\Windows\SysWOW64\1111111
C:\Users\Justyn\AppData\Local\Temp

EmptyTemp:
End
*****************

C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f => moved successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3831987021-1878366243-36960002-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Program Files (x86)\59234467tmp => moved successfully
C:\Program Files (x86)\5926FFD2tmp => moved successfully
C:\Program Files (x86)\591EBFE6tmp => moved successfully
C:\Windows\SysWOW64\22 => moved successfully
C:\Windows\SysWOW64\3333333 => moved successfully
C:\Windows\SysWOW64\00 => moved successfully
C:\Windows\SysWOW64\11 => moved successfully
C:\Windows\SysWOW64\1111111 => moved successfully

"C:\Users\Justyn\AppData\Local\Temp" folder move:

Could not move "C:\Users\Justyn\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14879172 B
Java, Flash, Steam htmlcache => 10058 B
Windows/system/drivers => 151511019 B
Edge => 0 B
Chrome => 12054765 B
Firefox => 380556968 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6012 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 204387 B
systemprofile32 => 486954486 B
LocalService => 0 B
NetworkService => 0 B
Justyn => 1457963651 B

RecycleBin => 0 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-06-2017 09:33:02)

C:\Users\Justyn\AppData\Local\Temp => moved successfully

==== End of Fixlog 09:33:04 ====

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook check, homepage redirect, etc.

#9 Post by Rudy »

I apologize, the correct path is the desktop. :oops: Everything was deleted. Has there been any change?

Brawler
Visitor
Posts: 102
Registered: 10 May 2010 10:12

Re: Notebook check, homepage redirect, etc.

#10 Post by Brawler »

Well, I moved the files etc., tried a few restarts and launching applications, and it looks OK, nothing pops up anywhere and it is considerably faster ... so great, thanks =)

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook check, homepage redirect, etc.

#11 Post by Rudy »

You're welcome! :)

Locked