PC messed up by the kids and grandma :P

Do you have a virus problem? Post your FRST or RSIT log here.

Sukurij
Visitor
Posts: 58
Registered: 16 May 2014 19:12

PC messed up by the kids and grandma :P

#1 Post by Sukurij »

Hello,
I wanted to reinstall the computer from scratch and not bother you, but ... We have a fairly important EET program on it, and I can't manage to back it up without outside support. So I'd like to ask you to check the log. If you write that it really would be better to reinstall Windows, I'll do that later, once I've got in touch with that program's support... Well, we'll see. Thanks in advance for your help.
Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by Babicka (administrator) on BABICKA-PC (09-09-2017 08:08:26)
Running from C:\Users\Babicka\Desktop
Loaded Profiles: Babicka & DefaultAppPool (Available Profiles: Babicka & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1703 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11707.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2448171358-1871930041-1244657789-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\Babicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-12-10]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 84.16.111.129 84.16.96.2
Tcpip\..\Interfaces\{5d029f76-0fec-4b7e-acab-42fa21d0f130}: [DhcpNameServer] 84.16.111.129 84.16.96.2
Tcpip\..\Interfaces\{634924f9-7e72-4f65-895e-4f0d61dae811}: [DhcpNameServer] 84.16.111.129 84.16.96.2

Internet Explorer:
==================
HKU\S-1-5-21-2448171358-1871930041-1244657789-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> DefaultScope {95F8A083-7ED5-4FB9-904A-1CC3DB72DF98} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> {95F8A083-7ED5-4FB9-904A-1CC3DB72DF98} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mysearch.avg.com/?cid={099F5101-C5BE-4765-B8FB-E1C5272CC5AA}&mid=b213616f3a1947d3a7b6318208cc0d31-3b3d42feedb44151909a582940600e561c9be51e&lang=en&ds=jd011&pr=sa&d=2013-08-13 13:21:24&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Prezentace Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Dokumenty Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Disk Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Vyhledávání Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Zwinky) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei [2015-02-14]
CHR Extension: (Tabulky Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-05]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2015-07-09]
CHR Extension: (Дополнительные параметры 11.45) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hechgbfeikpcbpienlgplipnhffkdkmc [2017-03-21]
CHR Extension: (FormApps Extension) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-14]
CHR Extension: (iLivid) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-07-09]
CHR Extension: (AVG Secure Search) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-11]
CHR Extension: (MyWebFace) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\njienacjggibaeolcbbjfnigbojkcggj [2015-02-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR Profile: C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-04-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-05-04] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2069424 2017-03-09] (ESET)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-05-04] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [179968 2014-03-11] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-19] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-07-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [113512 2017-09-03] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [90656 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14368 2017-03-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [139384 2017-03-09] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [67712 2017-03-09] (ESET)
R0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [526392 2012-11-19] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
S3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [41216 2011-09-23] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-09 08:08 - 2017-09-09 08:09 - 000015793 _____ C:\Users\Babicka\Desktop\FRST.txt
2017-09-09 08:08 - 2017-09-09 08:08 - 000000000 ____D C:\FRST
2017-09-09 08:06 - 2017-09-09 08:06 - 000112640 _____ (forum.viry.cz) C:\Users\Babicka\Desktop\FRSTLauncher.exe
2017-09-09 08:05 - 2017-09-09 08:05 - 001792512 _____ (Farbar) C:\Users\Babicka\Desktop\FRST.exe
2017-09-07 21:21 - 2017-09-07 21:21 - 000084083 _____ C:\Users\Babicka\Desktop\AAA Absolutně nejlepší naložené KOZÍ ROHY na světě! recept - Labužník.pdf
2017-09-07 09:20 - 2017-09-07 09:20 - 010656509 _____ C:\Users\Babicka\Downloads\USA-50_států_podle_abecedy.ppsx
2017-09-05 19:42 - 2017-09-05 19:43 - 001243586 _____ C:\Users\Babicka\Desktop\Provoz Bystrice-20170901123445.pdf
2017-09-04 16:27 - 2017-09-04 16:27 - 010461184 _____ C:\Users\Babicka\Downloads\Venetia_fara_apa.pps
2017-09-01 18:47 - 2017-09-01 18:47 - 000152555 _____ C:\Users\Babicka\Downloads\0000000120393013_20170831_D_008_000_M_C.pdf
2017-09-01 16:33 - 2017-09-01 16:33 - 000091722 _____ C:\Users\Babicka\Downloads\17153471.pdf
2017-08-31 12:41 - 2017-08-31 12:41 - 006365696 _____ C:\Users\Babicka\Downloads\Wieliczka-Svetovy_unikat_MV (2).pps
2017-08-31 12:39 - 2017-08-31 12:39 - 006365696 _____ C:\Users\Babicka\Downloads\Wieliczka-Svetovy_unikat_MV (1).pps
2017-08-31 12:14 - 2017-08-31 12:14 - 006365696 _____ C:\Users\Babicka\Downloads\Wieliczka-Svetovy_unikat_MV.pps
2017-08-31 10:47 - 2017-08-31 10:47 - 005466624 _____ C:\Users\Babicka\Downloads\Moje_nadherne__Slovensko.pps
2017-08-30 11:39 - 2017-08-30 11:39 - 008227840 _____ C:\Users\Babicka\Downloads\Krasy_Skotska_.pps
2017-08-29 21:06 - 2017-08-29 21:06 - 004005888 _____ C:\Users\Babicka\Downloads\zázraÄná_mÃ-sta.pps
2017-08-29 20:55 - 2017-08-29 20:55 - 007872000 _____ C:\Users\Babicka\Downloads\Brno,_hezké_město.pps
2017-08-25 13:39 - 2017-08-25 13:39 - 000091030 _____ C:\Users\Babicka\Downloads\17151538.pdf
2017-08-22 19:51 - 2017-08-22 19:51 - 004947968 _____ C:\Users\Babicka\Downloads\MoravskA1_Kras.pps
2017-08-22 09:37 - 2017-08-22 09:37 - 010735616 _____ C:\Users\Babicka\Downloads\25_najkrajších_dedín_Európy (1).pps
2017-08-10 16:22 - 2017-08-10 16:22 - 004086784 _____ C:\Users\Babicka\Downloads\Plus_qu'une_photo1.pps
2017-08-10 16:20 - 2017-08-10 16:20 - 004383721 _____ C:\Users\Babicka\Downloads\Sochy_Luhačovice_2017.ppsx
2017-08-10 07:24 - 2017-08-10 07:24 - 000000000 ____D C:\Users\Babicka\AppData\Local\DBG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-09 07:46 - 2015-01-08 23:11 - 000000000 ____D C:\Program Files\Steam
2017-09-09 07:33 - 2015-01-08 23:11 - 000000000 ____D C:\Program Files\Common Files\Steam
2017-09-09 07:31 - 2017-03-16 08:08 - 000000000 __SHD C:\Users\Babicka\IntelGraphicsProfiles
2017-09-08 21:20 - 2017-07-20 08:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-07 14:47 - 2017-03-18 20:23 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-07 14:47 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-07 09:22 - 2017-03-18 14:28 - 000004608 _____ C:\Users\Babicka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-07 07:09 - 2016-07-29 22:49 - 000002437 _____ C:\Users\Babicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-07 07:09 - 2016-07-29 22:49 - 000000000 ___RD C:\Users\Babicka\OneDrive
2017-09-06 06:54 - 2017-06-27 06:37 - 000000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-09-06 06:54 - 2017-06-27 06:37 - 000000986 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-09-06 06:54 - 2017-06-27 06:37 - 000000000 ____D C:\Program Files\TeamViewer
2017-09-05 20:58 - 2015-01-09 21:07 - 000000000 ____D C:\Users\Babicka\AppData\Roaming\Skype
2017-09-05 20:22 - 2016-11-04 12:12 - 000001143 _____ C:\Users\Babicka\Desktop\Pokladnička EET.lnk
2017-09-03 08:18 - 2017-03-18 20:21 - 000000000 ____D C:\WINDOWS\INF
2017-09-03 08:17 - 2017-03-09 21:55 - 000113512 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-09-01 20:36 - 2015-12-26 12:20 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-09-01 07:28 - 2015-05-07 09:07 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 07:27 - 2015-01-08 22:55 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-17 10:23 - 2017-07-20 08:19 - 002199734 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-17 10:23 - 2017-03-19 10:56 - 000930948 _____ C:\WINDOWS\system32\perfh005.dat
2017-08-17 10:23 - 2017-03-19 10:56 - 000215952 _____ C:\WINDOWS\system32\perfc005.dat
2017-08-17 10:18 - 2017-07-20 08:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-15 21:57 - 2017-07-20 08:20 - 000000000 ____D C:\Users\Babicka
2017-08-12 09:21 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2017-03-18 14:28 - 2017-09-07 09:22 - 000004608 _____ () C:\Users\Babicka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-08-13 10:52 - 2017-08-13 10:53 - 058782680 _____ (Skype Technologies S.A.) C:\Users\Babicka\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-06 09:05

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC messed up by the kids and grandma :P

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (removal).
A scan will run and then a log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Re: PC messed up by the kids and grandma :P

#3 Post by Sukurij »

I don't know whether this is the right log.. something about it doesn't seem right to me...


# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 10 17:49:31 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 10 Pro (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: AVG Secure Search -
Plugin deleted: iLivid -
SearchProvider deleted: search.ask.com - search.ask.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1230 B] - [2017/9/10 17:37:40]
C:/AdwCleaner/AdwCleaner[S1].txt - [1298 B] - [2017/9/10 17:46:43]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Re: PC messed up by the kids and grandma :P

#4 Post by Rudy »

Post a new FRST log.

Re: PC messed up by the kids and grandma :P

#5 Post by Sukurij »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2017
Ran by Babicka (administrator) on BABICKA-PC (10-09-2017 20:24:57)
Running from C:\Users\Babicka\Desktop
Loaded Profiles: Babicka (Available Profiles: Babicka & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1703 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [485280 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2448171358-1871930041-1244657789-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
Startup: C:\Users\Babicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2016-12-10]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 84.16.111.129 84.16.96.2
Tcpip\..\Interfaces\{5d029f76-0fec-4b7e-acab-42fa21d0f130}: [DhcpNameServer] 84.16.111.129 84.16.96.2
Tcpip\..\Interfaces\{634924f9-7e72-4f65-895e-4f0d61dae811}: [DhcpNameServer] 84.16.111.129 84.16.96.2

Internet Explorer:
==================
HKU\S-1-5-21-2448171358-1871930041-1244657789-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> DefaultScope {95F8A083-7ED5-4FB9-904A-1CC3DB72DF98} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> {95F8A083-7ED5-4FB9-904A-1CC3DB72DF98} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://mysearch.avg.com/?cid={099F5101-C5BE-4765-B8FB-E1C5272CC5AA}&mid=b213616f3a1947d3a7b6318208cc0d31-3b3d42feedb44151909a582940600e561c9be51e&lang=en&ds=jd011&pr=sa&d=2013-08-13 13:21:24&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default [2017-09-10]
CHR Extension: (Prezentace Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Dokumenty Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Disk Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Vyhledávání Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-05]
CHR Extension: (Komponenta pro aplikaci SERVIS 24) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gincjcoomijeeoddomaaimknmflggfnb [2015-07-09]
CHR Extension: (Дополнительные параметры 11.45) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hechgbfeikpcbpienlgplipnhffkdkmc [2017-03-21]
CHR Extension: (FormApps Extension) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-14]
CHR Extension: (AVG Secure Search) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2017-09-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR Profile: C:\Users\Babicka\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-04-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [299488 2016-05-04] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2069936 2017-09-03] (ESET)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [292832 2016-05-04] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [179968 2014-03-11] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2545848 2017-03-19] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [265352 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [82488 2017-07-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [113512 2017-09-03] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [90656 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14368 2017-03-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [139384 2017-03-09] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [67712 2017-03-09] (ESET)
R0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [526392 2012-11-19] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
S3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [41216 2011-09-23] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37464 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [243104 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [96672 2017-03-18] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 20:24 - 2017-09-10 20:24 - 000000000 ____D C:\Users\Babicka\Desktop\FRST-OlderVersion
2017-09-10 19:35 - 2017-09-10 19:46 - 000000000 ____D C:\AdwCleaner
2017-09-10 19:35 - 2017-09-10 19:35 - 008182736 _____ (Malwarebytes) C:\Users\Babicka\Desktop\adwcleaner_7.0.2.1.exe
2017-09-10 19:09 - 2017-09-10 19:09 - 000255037 _____ C:\Users\Babicka\Downloads\IMG_20170910_0001.pdf
2017-09-10 19:06 - 2017-09-10 19:06 - 000255037 _____ C:\Users\Babicka\Documents\IMG_20170910_0001.pdf
2017-09-09 08:09 - 2017-09-09 08:11 - 000038891 _____ C:\Users\Babicka\Desktop\Addition.txt
2017-09-09 08:08 - 2017-09-10 20:24 - 000015181 _____ C:\Users\Babicka\Desktop\FRST.txt
2017-09-09 08:08 - 2017-09-10 20:24 - 000000000 ____D C:\FRST
2017-09-09 08:05 - 2017-09-10 20:24 - 001793024 _____ (Farbar) C:\Users\Babicka\Desktop\FRST.exe
2017-09-07 21:21 - 2017-09-07 21:21 - 000084083 _____ C:\Users\Babicka\Desktop\AAA Absolutně nejlepší naložené KOZÍ ROHY na světě! recept - Labužník.pdf
2017-09-07 09:20 - 2017-09-07 09:20 - 010656509 _____ C:\Users\Babicka\Downloads\USA-50_států_podle_abecedy.ppsx
2017-09-05 19:42 - 2017-09-05 19:43 - 001243586 _____ C:\Users\Babicka\Desktop\Provoz Bystrice-20170901123445.pdf
2017-09-04 16:27 - 2017-09-04 16:27 - 010461184 _____ C:\Users\Babicka\Downloads\Venetia_fara_apa.pps
2017-09-01 18:47 - 2017-09-01 18:47 - 000152555 _____ C:\Users\Babicka\Downloads\0000000120393013_20170831_D_008_000_M_C.pdf
2017-09-01 16:33 - 2017-09-01 16:33 - 000091722 _____ C:\Users\Babicka\Downloads\17153471.pdf
2017-08-31 12:41 - 2017-08-31 12:41 - 006365696 _____ C:\Users\Babicka\Downloads\Wieliczka-Svetovy_unikat_MV (2).pps
2017-08-31 12:39 - 2017-08-31 12:39 - 006365696 _____ C:\Users\Babicka\Downloads\Wieliczka-Svetovy_unikat_MV (1).pps
2017-08-31 12:14 - 2017-08-31 12:14 - 006365696 _____ C:\Users\Babicka\Downloads\Wieliczka-Svetovy_unikat_MV.pps
2017-08-31 10:47 - 2017-08-31 10:47 - 005466624 _____ C:\Users\Babicka\Downloads\Moje_nadherne__Slovensko.pps
2017-08-30 11:39 - 2017-08-30 11:39 - 008227840 _____ C:\Users\Babicka\Downloads\Krasy_Skotska_.pps
2017-08-29 21:06 - 2017-08-29 21:06 - 004005888 _____ C:\Users\Babicka\Downloads\zázraÄná_mÃ-sta.pps
2017-08-29 20:55 - 2017-08-29 20:55 - 007872000 _____ C:\Users\Babicka\Downloads\Brno,_hezké_město.pps
2017-08-25 13:39 - 2017-08-25 13:39 - 000091030 _____ C:\Users\Babicka\Downloads\17151538.pdf
2017-08-22 19:51 - 2017-08-22 19:51 - 004947968 _____ C:\Users\Babicka\Downloads\MoravskA1_Kras.pps
2017-08-22 09:37 - 2017-08-22 09:37 - 010735616 _____ C:\Users\Babicka\Downloads\25_najkrajších_dedín_Európy (1).pps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 20:02 - 2017-07-20 08:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-10 19:57 - 2017-07-20 08:19 - 002226444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-10 19:57 - 2017-03-19 10:56 - 000944492 _____ C:\WINDOWS\system32\perfh005.dat
2017-09-10 19:57 - 2017-03-19 10:56 - 000220134 _____ C:\WINDOWS\system32\perfc005.dat
2017-09-10 19:52 - 2015-01-08 23:11 - 000000000 ____D C:\Program Files\Steam
2017-09-10 19:51 - 2017-03-16 08:08 - 000000000 __SHD C:\Users\Babicka\IntelGraphicsProfiles
2017-09-10 19:50 - 2017-07-20 08:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-10 19:50 - 2017-03-18 08:02 - 002359296 _____ C:\WINDOWS\system32\config\BBI
2017-09-10 19:07 - 2015-12-26 12:20 - 000000000 ____D C:\ProgramData\CanonIJPLM
2017-09-10 19:00 - 2017-06-27 06:37 - 000000000 ____D C:\Program Files\TeamViewer
2017-09-10 08:25 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-10 08:23 - 2015-01-08 23:11 - 000000000 ____D C:\Program Files\Common Files\Steam
2017-09-09 10:13 - 2017-03-18 20:23 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-09 08:10 - 2017-03-18 20:21 - 000000000 ____D C:\WINDOWS\INF
2017-09-07 09:22 - 2017-03-18 14:28 - 000004608 _____ C:\Users\Babicka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-07 07:09 - 2016-07-29 22:49 - 000002437 _____ C:\Users\Babicka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-07 07:09 - 2016-07-29 22:49 - 000000000 ___RD C:\Users\Babicka\OneDrive
2017-09-06 06:54 - 2017-06-27 06:37 - 000000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-09-06 06:54 - 2017-06-27 06:37 - 000000986 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-09-05 20:58 - 2015-01-09 21:07 - 000000000 ____D C:\Users\Babicka\AppData\Roaming\Skype
2017-09-05 20:22 - 2016-11-04 12:12 - 000001143 _____ C:\Users\Babicka\Desktop\Pokladnička EET.lnk
2017-09-03 08:17 - 2017-03-09 21:55 - 000113512 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-09-01 07:28 - 2015-05-07 09:07 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 07:27 - 2015-01-08 22:55 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-15 21:57 - 2017-07-20 08:20 - 000000000 ____D C:\Users\Babicka
2017-08-12 09:21 - 2017-03-18 20:23 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2017-03-18 14:28 - 2017-09-07 09:22 - 000004608 _____ () C:\Users\Babicka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2017-08-13 10:52 - 2017-08-13 10:53 - 058782680 _____ (Skype Technologies S.A.) C:\Users\Babicka\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-06 09:05

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC messed up by the kids and grandma :P

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
SearchScopes: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> DefaultScope {95F8A083-7ED5-4FB9-904A-1CC3DB72DF98} URL =
U3 idsvc; no ImagePath
C:\Users\Babicka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Babicka\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


Re: PC messed up by the kids and grandma :P

#7 Post by Sukurij »

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-09-2017
Ran by Babicka (10-09-2017 23:25:12) Run:1
Running from C:\Users\Babicka\Desktop
Loaded Profiles: Babicka (Available Profiles: Babicka & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
SearchScopes: HKU\S-1-5-21-2448171358-1871930041-1244657789-1000 -> DefaultScope {95F8A083-7ED5-4FB9-904A-1CC3DB72DF98} URL =
U3 idsvc; no ImagePath
C:\Users\Babicka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Babicka\AppData\Local\Temp

EmptyTemp:
End
*****************

HKU\S-1-5-21-2448171358-1871930041-1244657789-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully.
idsvc => service removed successfully.
C:\Users\Babicka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Babicka\AppData\Local\Temp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 188212573 B
Java, Flash, Steam htmlcache => 23243897 B
Windows/system/drivers => 1839852 B
Edge => 7873384 B
Chrome => 834813788 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 8162 B
NetworkService => 6134058 B
Babicka => 6688193 B
DefaultAppPool => 0 B

RecycleBin => 608418820 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:26:11 ====


Re: PC messed up by the kids and grandma :P

#8 Post by Rudy »

It has been deleted. I would also recommend a full MBAM scan: http://www.malwarebytes.org/mbam.php . Post the log, and do not delete anything beforehand.


Re: PC messed up by the kids and grandma :P

#9 Post by Sukurij »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 11.09.17
Čas skenování: 21:28
Logovací soubor: 69189af0-9727-11e7-8e45-001b21569a39.json
Správce: Ano

-Informace o softwaru-
Verze: 3.2.2.2018
Verze komponentů: 1.0.188
Aktualizovat verzi balíku komponent: 1.0.2777
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 15063.540)
CPU: x86
Systém souborů: NTFS
Uživatel: Babicka-PC\Babicka

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 320658
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 5 min, 26 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


Re: PC messed up by the kids and grandma :P

#10 Post by Rudy »

The PC should be clean now.