Ahoj, chtěl bych zde poprosit o radu. Před několika dny jsem zpozoroval neúměrný nárůst zatížení mého PC v práci. Stále je na minimálně 50% a jen zahýbání myší ho vytahuje až k 80%. Jakákoliv další práce pak zvyšuje až na 100%. Nedovedu říci, od kdy se to přesně stalo. Poslední, co jsem vědomě v PC měnil bylo nainstalování Adblock Plus do Mozily, ale to mám nyní zakázané, tak to snad vliv nemá. Těch 50% vytížení CPU je v jednom z procesů svchost.exe. Pokud ho ukončím, jede pak PC bez problémů. Zatím jsem po jeho uknočení zjistl pouze to, že mi nefunguje skeny z multifunkční tiskárny, na další účinky ukončení procesu jsem zatím nepřišel (ale jistě mohou být, netestoval jsem vše). Po spuštění PC se však proces vždy obnoví. Nevím, jak zjistit co v něm vlastně běží a k čemu je to nutné, resp. co tam tak zvyšuje zátěž.
EDIT: tak trochu změna, zjistil jsem, že se nedostanu do sítě. A to mi teď výše uvedený problémový svchost.exe běží. Akorát nevím, jestli se nějak nespustil sám (je-li to vůbec možné), protože jsem ho ráno vypínal a už si nevzpomínám, že bych pak PC restartoval.
Jako antivir používám NOD, který žádný problém nezaregistroval.
Předem děkuji za jakoukoliv radu.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:38, on 23.11.2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21376)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
C:\Program Files\ArcGIS\License10.1\bin\ARCGIS.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Sharp\Sharpdesk\FtpServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HSI\Updater\Updater.exe
C:\Program Files\Sharp\Sharpdesk\nsapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Bentley\PowerMap V8i\PowerMap\powermap.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
E:\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HSI Updater 11] C:\Program Files\HSI\Updater\Updater.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21BDB575-B48E-4072-8B20-44070B2696AB}: NameServer = 194.228.41.65,194.228.41.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{52F69C7D-D2DD-4BE5-94DF-D3F2CC31F859}: NameServer = 10.255.255.10,10.255.255.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{21BDB575-B48E-4072-8B20-44070B2696AB}: NameServer = 194.228.41.65,194.228.41.113
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ArcGIS License Manager - Flexera Software, Inc. - C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - SafeNet, Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8489 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
přetížený CPU - svchost.exe
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: přetížený CPU - svchost.exe
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: přetížený CPU - svchost.exe
Díky za snahu, ale mám bohužel jen XP, na nichž tento doporučený SW nespustím.Rudy píše:Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Re: přetížený CPU - svchost.exe
pouzi v6 napr. https://www.instaluj.cz/adwcleaner/star ... aner-6-044
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přetížený CPU - svchost.exe
Nalezeny 4 problémy, ale po jejich odstranění se nic nezměnilo.
# AdwCleaner v6.044 - Log vytvořen 24/11/2017 v 09:29:36
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Hanka - HANKA
# Spuštěno z : E:\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\Software\YahooPartnerToolbar
[#] Klíč smazán po restartu: HKCU\Software\YahooPartnerToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Uniblue
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Uniblue\DriverScanner
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1070 Bajty] - [24/11/2017 09:29:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [1545 Bajty] - [24/11/2017 09:29:07]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1216 Bajty] ##########
# AdwCleaner v6.044 - Log vytvořen 24/11/2017 v 09:29:36
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-02-28.2 [Místní]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : Hanka - HANKA
# Spuštěno z : E:\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
[-] Klíč smazán: HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\Software\YahooPartnerToolbar
[#] Klíč smazán po restartu: HKCU\Software\YahooPartnerToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Uniblue
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Uniblue\DriverScanner
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1070 Bajty] - [24/11/2017 09:29:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [1545 Bajty] - [24/11/2017 09:29:07]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1216 Bajty] ##########
- Přílohy
-
- procesy_Změnit velikost.jpg (65.93 KiB) Zobrazeno 2063 x
Re: přetížený CPU - svchost.exe
doporucujem:
1. doinstalovat MSIE8
2. vypnut aut. aktualizacie OS
1. doinstalovat MSIE8
2. vypnut aut. aktualizacie OS
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přetížený CPU - svchost.exe
Děkuji. Nevím sice, který z těchto dvou bodů za to může (provedel jsem oba, jen v opačném pořadí, než je výše uvedeno), ale po instalaci IE8 a následném restartu už je "spotřeba" svchost.exe na nule a CPU tím pádem běží "zdravě" bez vytížení.JaRon píše:doporucujem:
1. doinstalovat MSIE8
2. vypnut aut. aktualizacie OS
Máte k tomu nějaké bližší vysvětlení, prosím? Zajímá mě to.
Je fakt, že nějaká aktualizce před pár dny přišla a je možné, že se zatížení zvýšilo právě po ní, ale to opravdu nevím, jen hádám.
EDIT:
tak né, problém je zpět. Vypadalo to dlouhé minuty v pořádkum, ale pak jsem vlezl na jednu internetovou stránku (jinak jsem byl s mozilou na webu již chvíli a bez potíží) a se zvýšením zátěže CPU od firefox.exe současně vyskočil na 50% zatížení i ten svchost.exe a již na této výši opět zůstává.
Re: přetížený CPU - svchost.exe
aby bolo mozne posudit stav PC vloz oba logy FRST
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přetížený CPU - svchost.exe
Nějaký sken jsem provedl, program neznám a navíc mi v průběhu skenování vždy spadne, že došlo při jeho běhu k potížím a bude ukončen.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2017
Ran by Hanka (administrator) on HANKA (24-11-2017 11:49:32)
Running from E:\
Loaded Profiles: Hanka (Available Profiles: Hanka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Flexera Software, Inc.) C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
(Macrovision) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
(Flexera Software, Inc.) C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
(ESRI) C:\Program Files\ArcGIS\License10.1\bin\ARCGIS.exe
(SafeNet, Inc.) C:\WINDOWS\system32\hasplms.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DAEMON'S HOME) C:\Program Files\D-Tools\daemon.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\FTPServer.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(HSI, spol. s r. o.) C:\Program Files\HSI\Updater\Updater.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\nsapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(Bentley Systems Inc.) C:\Program Files\Bentley\PowerMap V8i\PowerMap\powermap.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [20064872 2011-08-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3141320 2014-09-24] (ESET)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [DAEMON Tools-1033] => C:\Program Files\D-Tools\daemon.exe [81920 2004-08-22] (DAEMON'S HOME)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [FtpServer.exe] => C:\Program Files\Sharp\Sharpdesk\FtpServer.exe [820224 2013-02-11] (SHARP CORPORATION)
Winlogon\Notify\AtiExtEvent: C:\Windows\System32\Ati2evxx.dll [2008-08-01] (ATI Technologies Inc.)
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [HSI Updater 11] => C:\Program Files\HSI\Updater\Updater.exe [342016 2014-02-13] (HSI, spol. s r. o.)
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{21BDB575-B48E-4072-8B20-44070B2696AB}: [NameServer] 194.228.41.65,194.228.41.113
Tcpip\..\Interfaces\{52F69C7D-D2DD-4BE5-94DF-D3F2CC31F859}: [NameServer] 10.255.255.10,10.255.255.20
Internet Explorer:
==================
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1156387117-3113294518-2722567167-1008 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1156387117-3113294518-2722567167-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default [2017-11-24]
FF Homepage: C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default -> hxxp://www.centrum.cz/
FF Extension: (Adblock Plus) - C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
FF Extension: (Seznam lištička) - C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-10-09] [Lagacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-07] [Lagacy] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-11-05] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR Profile: C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-11-24]
CHR Extension: (Prezentace Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-02]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-02]
CHR Extension: (Disk Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-02]
CHR Extension: (Seznam Lištička - Email) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-02]
CHR Extension: (Seznam Lištička - Slovník) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-02]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-02]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-02]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-02]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-14] (Adobe Systems Incorporated) [File not signed]
R2 ArcGIS License Manager; C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-01-05] (Flexera Software, Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-07-31] () [File not signed]
R2 C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784 2008-12-19] (Macrovision) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [33992 2014-09-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1029704 2014-09-24] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [188104 2014-09-24] (ESET)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2016-11-02] (Flexera Software, Inc.)
S3 GEST Service; C:\Program Files\GIGABYTE\GEST\GSvr.exe [47624 2007-12-14] ()
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4565832 2017-01-04] (SafeNet, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [175624 2012-04-12] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [450912 2017-01-04] (SafeNet, Inc.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [266048 2017-01-04] (SafeNet, Inc.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [69448 2017-01-04] (SafeNet, Inc.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [315208 2017-01-04] (SafeNet, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 CdaC15BA; C:\WINDOWS\system32\drivers\CDAC15BA.SYS [12464 2008-12-19] (Macrovision Europe Ltd) [File not signed]
R0 d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( ) [File not signed]
R0 d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [5248 2004-08-22] ( ) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [167184 2014-08-19] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [128056 2014-08-19] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [110552 2014-08-19] (ESET)
S3 ET5Drv; C:\WINDOWS\system32\Drivers\ET5Drv.sys [30008 2007-10-11] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2008-10-31] (Windows (R) 2000 DDK provider)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [627040 2017-01-04] (SafeNet, Inc.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2008-10-31] (Aladdin Knowledge Systems) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
S4 IntelIde; no ImagePath
S3 NTIOLib_1_0_C; \??\E:\NTIOLib.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 11:45 - 2017-11-24 11:45 - 000000000 ____D C:\FRST
2017-11-24 10:56 - 2017-11-24 10:56 - 000000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2017-11-24 10:56 - 2017-11-24 10:56 - 000000000 __SHD C:\Documents and Settings\Hanka\IETldCache
2017-11-24 10:52 - 2017-11-24 10:53 - 000000000 __HDC C:\WINDOWS\ie8
2017-11-24 09:27 - 2017-11-24 09:29 - 000000000 ____D C:\AdwCleaner
2017-11-22 15:05 - 2017-11-22 15:05 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Nuance
2017-11-22 15:04 - 2017-11-22 15:04 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Sharpdesk
2017-11-22 15:03 - 2017-11-22 15:03 - 000000000 ____D C:\Program Files\Sharp
2017-11-22 14:47 - 2017-11-22 14:48 - 000000000 ____D C:\SKENY
2017-11-14 13:43 - 2017-11-14 13:43 - 005996544 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2017-11-02 10:06 - 2017-11-02 10:06 - 000000458 _____ C:\Documents and Settings\Hanka\Dokumenty\Conversion.txt
2017-11-02 09:41 - 2017-11-02 09:41 - 000001908 _____ C:\Documents and Settings\All Users\Plocha\DWG TrueView 2014.lnk
2017-11-02 09:40 - 2017-11-02 09:40 - 000000000 ____D C:\Documents and Settings\All Users\Dokumenty\Autodesk
2017-11-02 09:38 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-11-02 09:38 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-11-02 09:38 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-11-02 09:37 - 2017-11-02 09:37 - 000000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2017-11-02 09:35 - 2017-11-02 09:35 - 000000000 ____D C:\Autodesk
2017-10-26 12:16 - 2017-10-26 12:16 - 000000000 ____D C:\Documents and Settings\LocalService\Data aplikací\pdf995
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 11:49 - 2008-10-30 15:16 - 000000000 ____D C:\Documents and Settings\Hanka\Local Settings\Temp
2017-11-24 11:48 - 2012-06-08 13:44 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\HSI
2017-11-24 11:47 - 2008-10-31 08:52 - 000002575 _____ C:\WINDOWS\WINCMD.INI
2017-11-24 11:43 - 2017-10-18 07:35 - 000000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-24 11:36 - 2014-02-10 16:29 - 000000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-24 11:01 - 2016-05-17 07:43 - 000000000 ____D C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz
2017-11-24 10:56 - 2014-03-28 07:54 - 000000222 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-11-24 10:56 - 2014-02-10 16:29 - 000000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-24 10:56 - 2008-10-30 15:16 - 000000809 _____ C:\Documents and Settings\Hanka\Nabídka Start\Programy\Internet Explorer.lnk
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Nabídka Start\Programy
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Dokumenty\Obrázky
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Dokumenty\Hudba
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Dokumenty
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ____D C:\Documents and Settings\Hanka
2017-11-24 10:56 - 2008-10-10 09:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-24 10:56 - 2008-10-10 08:34 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-11-24 10:56 - 2008-04-14 13:00 - 000012598 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 ___HD C:\WINDOWS\inf
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 ____D C:\WINDOWS\Media
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 ____D C:\WINDOWS\Help
2017-11-24 10:54 - 2012-06-08 15:34 - 002479306 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1156387117-3113294518-2722567167-1008-0.dat
2017-11-24 10:54 - 2012-06-08 15:34 - 000384658 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-11-24 10:54 - 2008-10-30 15:16 - 000000272 ___SH C:\Documents and Settings\Hanka\ntuser.ini
2017-11-24 10:54 - 2008-10-10 10:25 - 000524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-11-24 10:54 - 2008-10-10 09:05 - 000032526 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-23 12:37 - 2014-07-09 08:02 - 000000000 ____D C:\Documents and Settings\Hanka\Local Settings\Data aplikací\ESET
2017-11-23 08:12 - 2011-06-14 11:15 - 000000000 ____D C:\Documents and Settings\Hanka\Plocha\SKENY SHARP
2017-11-23 08:05 - 2008-10-30 15:16 - 000000000 ____D C:\Documents and Settings\Hanka\Plocha
2017-11-22 15:05 - 2008-10-09 18:22 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací
2017-11-22 15:04 - 2008-10-09 18:22 - 000000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-11-22 15:03 - 2011-06-14 11:08 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Sharp
2017-11-22 15:03 - 2008-10-09 18:22 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-11-22 14:57 - 2011-06-14 11:08 - 000000000 ____D C:\Program Files\Common Files\Sharp Shared
2017-11-22 14:35 - 2008-10-30 15:16 - 000000000 ___HD C:\Documents and Settings\Hanka\Okolní síť
2017-11-16 08:11 - 2012-06-08 14:30 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-15 13:36 - 2008-10-30 15:16 - 000000000 ___HD C:\Documents and Settings\Hanka\Local Settings\Data aplikací
2017-11-15 10:35 - 2017-08-09 07:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-14 13:43 - 2013-03-15 11:45 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-14 13:43 - 2013-03-15 11:45 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-14 13:43 - 2008-10-10 08:31 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-03 15:38 - 2008-10-31 09:24 - 000000059 _____ C:\WINDOWS\wpd99.drv
2017-11-03 15:38 - 2008-10-31 09:24 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\pdf995
2017-11-02 09:44 - 2008-10-30 15:16 - 000140736 _____ C:\Documents and Settings\Hanka\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-11-02 09:43 - 2008-10-09 18:21 - 000463616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-02 09:41 - 2008-12-19 08:13 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-11-02 09:41 - 2008-12-19 08:13 - 000000000 ____D C:\Documents and Settings\Hanka\Data aplikací\Autodesk
2017-11-02 09:41 - 2008-10-09 18:22 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2017-11-02 09:40 - 2008-12-19 08:14 - 000000000 ____D C:\Program Files\Autodesk
2017-11-02 09:40 - 2008-10-09 18:22 - 000000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-11-02 09:38 - 2008-10-10 08:31 - 000000000 ____D C:\WINDOWS\system32\DirectX
2017-11-02 09:37 - 2008-10-09 18:22 - 000001374 _____ C:\WINDOWS\imsins.BAK
2017-11-02 09:37 - 2008-10-09 18:17 - 000000000 ____D C:\WINDOWS\system32\mui
2017-11-01 14:02 - 2010-03-03 11:07 - 000059202 ____H C:\TREEINFO.WC
2017-10-30 08:14 - 2008-10-09 18:22 - 001192206 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-30 08:14 - 2008-04-14 13:00 - 000492296 _____ C:\WINDOWS\system32\perfh005.dat
2017-10-30 08:14 - 2008-04-14 13:00 - 000099726 _____ C:\WINDOWS\system32\perfc005.dat
2017-10-27 09:56 - 2014-03-07 09:53 - 000000000 ____D C:\Documents and Settings\Hanka\Data aplikací\Nitro PDF
2017-10-26 12:16 - 2008-10-10 09:05 - 000000000 ____D C:\Documents and Settings\LocalService\Data aplikací
==================== Files in the root of some directories =======
2008-11-06 07:58 - 2002-04-23 17:44 - 001859072 _____ () C:\Program Files\ERCN.exe
2006-04-12 10:09 - 2006-05-03 04:48 - 000000181 _____ () C:\Program Files\hpsfx.ini
2014-03-18 09:37 - 2016-11-07 13:22 - 000007680 _____ () C:\Documents and Settings\Hanka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-31 12:39 - 2009-01-08 07:26 - 000003612 _____ () C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
2012-03-19 07:44 - 2012-06-11 13:54 - 000000012 _____ () C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
Some files in TEMP:
====================
2017-11-02 09:41 - 2013-01-18 22:24 - 000040328 _____ (Autodesk, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\AcDeltree.exe
2016-03-04 13:31 - 2016-03-04 13:31 - 001004224 _____ () C:\Documents and Settings\Hanka\Local Settings\Temp\AppInstaller.exe
2011-06-24 18:05 - 2011-06-24 18:05 - 000235184 _____ (Google Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\GoogleToolbarInstaller_stub_signed.exe
2005-08-11 10:56 - 2005-08-11 10:56 - 000655432 _____ (HP) C:\Documents and Settings\Hanka\Local Settings\Temp\hpcdmc32.dll
2006-05-09 17:19 - 2006-05-09 17:19 - 000241664 _____ () C:\Documents and Settings\Hanka\Local Settings\Temp\hppapr04.dll
2006-03-10 17:23 - 2006-03-10 17:23 - 000180224 _____ (Hewlett-Packard Company) C:\Documents and Settings\Hanka\Local Settings\Temp\hppdvq01.dll
2006-04-25 06:08 - 2006-04-25 06:08 - 000253952 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpz5r43e.dll
2006-04-25 06:08 - 2006-04-25 06:08 - 001336320 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpz6r43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 000408576 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzev43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 001390592 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzls43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 000069120 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzpp43e.dll
2009-01-08 07:11 - 2004-12-15 16:28 - 000757760 ____N (Hewlett-Packard) C:\Documents and Settings\Hanka\Local Settings\Temp\HPZscr01.exe
2006-04-25 03:39 - 2006-04-25 03:39 - 000562688 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzss43e.dll
2006-04-25 02:31 - 2006-04-25 02:31 - 003950592 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzst43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 002461696 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzui43e.dll
2008-11-26 04:49 - 2008-11-26 04:49 - 000607640 _____ (Sun Microsystems, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-6u11-windows-i586-p-iftw.exe
2009-03-25 08:02 - 2009-03-25 08:02 - 000607640 _____ (Sun Microsystems, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
2009-08-01 18:29 - 2009-08-01 18:29 - 000714528 _____ (Sun Microsystems, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
2013-03-01 21:00 - 2013-03-01 21:00 - 000897448 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
2013-04-05 15:44 - 2013-04-05 15:44 - 000904104 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
2013-06-13 16:36 - 2013-06-13 16:36 - 000903592 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 19:27 - 2013-10-08 19:27 - 000915368 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 18:06 - 2013-12-19 18:06 - 000921512 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 21:50 - 2014-04-15 21:50 - 000921512 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 22:12 - 2014-07-11 22:12 - 000918952 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 06:15 - 2014-07-28 06:15 - 000918440 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
2017-07-26 06:56 - 2017-07-26 06:56 - 000739904 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-8u141-windows-au.exe
2014-12-18 18:29 - 2014-12-18 18:29 - 000641448 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-8u31-windows-au.exe
2015-08-27 15:30 - 2015-09-03 15:47 - 000585824 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-8u60-windows-au.exe
2004-07-10 03:56 - 2004-07-10 03:56 - 000169472 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\pclxl.dll
2004-08-04 12:26 - 2004-08-04 12:26 - 000264704 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\unidrv.dll
2004-08-04 12:14 - 2004-08-04 12:14 - 000197632 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\unidrvui.dll
2014-08-04 10:25 - 2014-08-04 10:22 - 000071554 _____ () C:\Documents and Settings\Hanka\Local Settings\Temp\Uninstall.exe
2004-08-04 12:13 - 2004-08-04 12:13 - 000619520 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\unires.dll
2014-02-25 13:53 - 2014-02-25 13:53 - 005169152 _____ (ImageMagick Studio) C:\Documents and Settings\Hanka\Local Settings\Temp\~convert1843834966835867283.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2017
Ran by Hanka (administrator) on HANKA (24-11-2017 11:49:32)
Running from E:\
Loaded Profiles: Hanka (Available Profiles: Hanka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Flexera Software, Inc.) C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
(Macrovision) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
(Flexera Software, Inc.) C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe
(ESRI) C:\Program Files\ArcGIS\License10.1\bin\ARCGIS.exe
(SafeNet, Inc.) C:\WINDOWS\system32\hasplms.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DAEMON'S HOME) C:\Program Files\D-Tools\daemon.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\FTPServer.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(HSI, spol. s r. o.) C:\Program Files\HSI\Updater\Updater.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\nsapp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(Bentley Systems Inc.) C:\Program Files\Bentley\PowerMap V8i\PowerMap\powermap.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-07-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [RTHDCPL] => C:\Windows\RTHDCPL.EXE [20064872 2011-08-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3141320 2014-09-24] (ESET)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [DAEMON Tools-1033] => C:\Program Files\D-Tools\daemon.exe [81920 2004-08-22] (DAEMON'S HOME)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [FtpServer.exe] => C:\Program Files\Sharp\Sharpdesk\FtpServer.exe [820224 2013-02-11] (SHARP CORPORATION)
Winlogon\Notify\AtiExtEvent: C:\Windows\System32\Ati2evxx.dll [2008-08-01] (ATI Technologies Inc.)
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [HSI Updater 11] => C:\Program Files\HSI\Updater\Updater.exe [342016 2014-02-13] (HSI, spol. s r. o.)
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{21BDB575-B48E-4072-8B20-44070B2696AB}: [NameServer] 194.228.41.65,194.228.41.113
Tcpip\..\Interfaces\{52F69C7D-D2DD-4BE5-94DF-D3F2CC31F859}: [NameServer] 10.255.255.10,10.255.255.20
Internet Explorer:
==================
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-1156387117-3113294518-2722567167-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1156387117-3113294518-2722567167-1008 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1156387117-3113294518-2722567167-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default [2017-11-24]
FF Homepage: C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default -> hxxp://www.centrum.cz/
FF Extension: (Adblock Plus) - C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
FF Extension: (Seznam lištička) - C:\Documents and Settings\Hanka\Data aplikací\Mozilla\Firefox\Profiles\9hi1ck77.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-10-09] [Lagacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-07] [Lagacy] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: (ESET Endpoint Security Extension) - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-11-05] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR Profile: C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-11-24]
CHR Extension: (Prezentace Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-02]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-02]
CHR Extension: (Disk Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-02]
CHR Extension: (Seznam Lištička - Email) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-02]
CHR Extension: (Seznam Lištička - Slovník) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-11-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-02]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-02]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-02]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Hanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-02]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-14] (Adobe Systems Incorporated) [File not signed]
R2 ArcGIS License Manager; C:\Program Files\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-01-05] (Flexera Software, Inc.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-07-31] () [File not signed]
R2 C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [54784 2008-12-19] (Macrovision) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [33992 2014-09-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1029704 2014-09-24] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [188104 2014-09-24] (ESET)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2016-11-02] (Flexera Software, Inc.)
S3 GEST Service; C:\Program Files\GIGABYTE\GEST\GSvr.exe [47624 2007-12-14] ()
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4565832 2017-01-04] (SafeNet, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [175624 2012-04-12] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [450912 2017-01-04] (SafeNet, Inc.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [266048 2017-01-04] (SafeNet, Inc.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [69448 2017-01-04] (SafeNet, Inc.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [315208 2017-01-04] (SafeNet, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 CdaC15BA; C:\WINDOWS\system32\drivers\CDAC15BA.SYS [12464 2008-12-19] (Macrovision Europe Ltd) [File not signed]
R0 d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( ) [File not signed]
R0 d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [5248 2004-08-22] ( ) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [167184 2014-08-19] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [128056 2014-08-19] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [110552 2014-08-19] (ESET)
S3 ET5Drv; C:\WINDOWS\system32\Drivers\ET5Drv.sys [30008 2007-10-11] (Windows (R) 2000 DDK provider)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2008-10-31] (Windows (R) 2000 DDK provider)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [627040 2017-01-04] (SafeNet, Inc.)
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2008-10-31] (Aladdin Knowledge Systems) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]
S4 IntelIde; no ImagePath
S3 NTIOLib_1_0_C; \??\E:\NTIOLib.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 11:45 - 2017-11-24 11:45 - 000000000 ____D C:\FRST
2017-11-24 10:56 - 2017-11-24 10:56 - 000000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2017-11-24 10:56 - 2017-11-24 10:56 - 000000000 __SHD C:\Documents and Settings\Hanka\IETldCache
2017-11-24 10:52 - 2017-11-24 10:53 - 000000000 __HDC C:\WINDOWS\ie8
2017-11-24 09:27 - 2017-11-24 09:29 - 000000000 ____D C:\AdwCleaner
2017-11-22 15:05 - 2017-11-22 15:05 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Nuance
2017-11-22 15:04 - 2017-11-22 15:04 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Sharpdesk
2017-11-22 15:03 - 2017-11-22 15:03 - 000000000 ____D C:\Program Files\Sharp
2017-11-22 14:47 - 2017-11-22 14:48 - 000000000 ____D C:\SKENY
2017-11-14 13:43 - 2017-11-14 13:43 - 005996544 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2017-11-02 10:06 - 2017-11-02 10:06 - 000000458 _____ C:\Documents and Settings\Hanka\Dokumenty\Conversion.txt
2017-11-02 09:41 - 2017-11-02 09:41 - 000001908 _____ C:\Documents and Settings\All Users\Plocha\DWG TrueView 2014.lnk
2017-11-02 09:40 - 2017-11-02 09:40 - 000000000 ____D C:\Documents and Settings\All Users\Dokumenty\Autodesk
2017-11-02 09:38 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-11-02 09:38 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-11-02 09:38 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-11-02 09:38 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-11-02 09:37 - 2017-11-02 09:37 - 000000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2017-11-02 09:35 - 2017-11-02 09:35 - 000000000 ____D C:\Autodesk
2017-10-26 12:16 - 2017-10-26 12:16 - 000000000 ____D C:\Documents and Settings\LocalService\Data aplikací\pdf995
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-24 11:49 - 2008-10-30 15:16 - 000000000 ____D C:\Documents and Settings\Hanka\Local Settings\Temp
2017-11-24 11:48 - 2012-06-08 13:44 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\HSI
2017-11-24 11:47 - 2008-10-31 08:52 - 000002575 _____ C:\WINDOWS\WINCMD.INI
2017-11-24 11:43 - 2017-10-18 07:35 - 000000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-11-24 11:36 - 2014-02-10 16:29 - 000000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-24 11:01 - 2016-05-17 07:43 - 000000000 ____D C:\Documents and Settings\Hanka\Data aplikací\Seznam.cz
2017-11-24 10:56 - 2014-03-28 07:54 - 000000222 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2017-11-24 10:56 - 2014-02-10 16:29 - 000000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-24 10:56 - 2008-10-30 15:16 - 000000809 _____ C:\Documents and Settings\Hanka\Nabídka Start\Programy\Internet Explorer.lnk
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Nabídka Start\Programy
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Dokumenty\Obrázky
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Dokumenty\Hudba
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ___RD C:\Documents and Settings\Hanka\Dokumenty
2017-11-24 10:56 - 2008-10-30 15:16 - 000000000 ____D C:\Documents and Settings\Hanka
2017-11-24 10:56 - 2008-10-10 09:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-24 10:56 - 2008-10-10 08:34 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-11-24 10:56 - 2008-04-14 13:00 - 000012598 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 ___HD C:\WINDOWS\inf
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 ____D C:\WINDOWS\Media
2017-11-24 10:55 - 2008-10-09 18:17 - 000000000 ____D C:\WINDOWS\Help
2017-11-24 10:54 - 2012-06-08 15:34 - 002479306 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1156387117-3113294518-2722567167-1008-0.dat
2017-11-24 10:54 - 2012-06-08 15:34 - 000384658 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2017-11-24 10:54 - 2008-10-30 15:16 - 000000272 ___SH C:\Documents and Settings\Hanka\ntuser.ini
2017-11-24 10:54 - 2008-10-10 10:25 - 000524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-11-24 10:54 - 2008-10-10 09:05 - 000032526 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-23 12:37 - 2014-07-09 08:02 - 000000000 ____D C:\Documents and Settings\Hanka\Local Settings\Data aplikací\ESET
2017-11-23 08:12 - 2011-06-14 11:15 - 000000000 ____D C:\Documents and Settings\Hanka\Plocha\SKENY SHARP
2017-11-23 08:05 - 2008-10-30 15:16 - 000000000 ____D C:\Documents and Settings\Hanka\Plocha
2017-11-22 15:05 - 2008-10-09 18:22 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací
2017-11-22 15:04 - 2008-10-09 18:22 - 000000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-11-22 15:03 - 2011-06-14 11:08 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\Sharp
2017-11-22 15:03 - 2008-10-09 18:22 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-11-22 14:57 - 2011-06-14 11:08 - 000000000 ____D C:\Program Files\Common Files\Sharp Shared
2017-11-22 14:35 - 2008-10-30 15:16 - 000000000 ___HD C:\Documents and Settings\Hanka\Okolní síť
2017-11-16 08:11 - 2012-06-08 14:30 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-15 13:36 - 2008-10-30 15:16 - 000000000 ___HD C:\Documents and Settings\Hanka\Local Settings\Data aplikací
2017-11-15 10:35 - 2017-08-09 07:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-14 13:43 - 2013-03-15 11:45 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-11-14 13:43 - 2013-03-15 11:45 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-11-14 13:43 - 2008-10-10 08:31 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-03 15:38 - 2008-10-31 09:24 - 000000059 _____ C:\WINDOWS\wpd99.drv
2017-11-03 15:38 - 2008-10-31 09:24 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\pdf995
2017-11-02 09:44 - 2008-10-30 15:16 - 000140736 _____ C:\Documents and Settings\Hanka\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-11-02 09:43 - 2008-10-09 18:21 - 000463616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-02 09:41 - 2008-12-19 08:13 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-11-02 09:41 - 2008-12-19 08:13 - 000000000 ____D C:\Documents and Settings\Hanka\Data aplikací\Autodesk
2017-11-02 09:41 - 2008-10-09 18:22 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2017-11-02 09:40 - 2008-12-19 08:14 - 000000000 ____D C:\Program Files\Autodesk
2017-11-02 09:40 - 2008-10-09 18:22 - 000000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-11-02 09:38 - 2008-10-10 08:31 - 000000000 ____D C:\WINDOWS\system32\DirectX
2017-11-02 09:37 - 2008-10-09 18:22 - 000001374 _____ C:\WINDOWS\imsins.BAK
2017-11-02 09:37 - 2008-10-09 18:17 - 000000000 ____D C:\WINDOWS\system32\mui
2017-11-01 14:02 - 2010-03-03 11:07 - 000059202 ____H C:\TREEINFO.WC
2017-10-30 08:14 - 2008-10-09 18:22 - 001192206 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-30 08:14 - 2008-04-14 13:00 - 000492296 _____ C:\WINDOWS\system32\perfh005.dat
2017-10-30 08:14 - 2008-04-14 13:00 - 000099726 _____ C:\WINDOWS\system32\perfc005.dat
2017-10-27 09:56 - 2014-03-07 09:53 - 000000000 ____D C:\Documents and Settings\Hanka\Data aplikací\Nitro PDF
2017-10-26 12:16 - 2008-10-10 09:05 - 000000000 ____D C:\Documents and Settings\LocalService\Data aplikací
==================== Files in the root of some directories =======
2008-11-06 07:58 - 2002-04-23 17:44 - 001859072 _____ () C:\Program Files\ERCN.exe
2006-04-12 10:09 - 2006-05-03 04:48 - 000000181 _____ () C:\Program Files\hpsfx.ini
2014-03-18 09:37 - 2016-11-07 13:22 - 000007680 _____ () C:\Documents and Settings\Hanka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-10-31 12:39 - 2009-01-08 07:26 - 000003612 _____ () C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
2012-03-19 07:44 - 2012-06-11 13:54 - 000000012 _____ () C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
Some files in TEMP:
====================
2017-11-02 09:41 - 2013-01-18 22:24 - 000040328 _____ (Autodesk, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\AcDeltree.exe
2016-03-04 13:31 - 2016-03-04 13:31 - 001004224 _____ () C:\Documents and Settings\Hanka\Local Settings\Temp\AppInstaller.exe
2011-06-24 18:05 - 2011-06-24 18:05 - 000235184 _____ (Google Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\GoogleToolbarInstaller_stub_signed.exe
2005-08-11 10:56 - 2005-08-11 10:56 - 000655432 _____ (HP) C:\Documents and Settings\Hanka\Local Settings\Temp\hpcdmc32.dll
2006-05-09 17:19 - 2006-05-09 17:19 - 000241664 _____ () C:\Documents and Settings\Hanka\Local Settings\Temp\hppapr04.dll
2006-03-10 17:23 - 2006-03-10 17:23 - 000180224 _____ (Hewlett-Packard Company) C:\Documents and Settings\Hanka\Local Settings\Temp\hppdvq01.dll
2006-04-25 06:08 - 2006-04-25 06:08 - 000253952 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpz5r43e.dll
2006-04-25 06:08 - 2006-04-25 06:08 - 001336320 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpz6r43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 000408576 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzev43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 001390592 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzls43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 000069120 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzpp43e.dll
2009-01-08 07:11 - 2004-12-15 16:28 - 000757760 ____N (Hewlett-Packard) C:\Documents and Settings\Hanka\Local Settings\Temp\HPZscr01.exe
2006-04-25 03:39 - 2006-04-25 03:39 - 000562688 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzss43e.dll
2006-04-25 02:31 - 2006-04-25 02:31 - 003950592 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzst43e.dll
2006-04-25 06:07 - 2006-04-25 06:07 - 002461696 _____ (Hewlett-Packard Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\hpzui43e.dll
2008-11-26 04:49 - 2008-11-26 04:49 - 000607640 _____ (Sun Microsystems, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-6u11-windows-i586-p-iftw.exe
2009-03-25 08:02 - 2009-03-25 08:02 - 000607640 _____ (Sun Microsystems, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
2009-08-01 18:29 - 2009-08-01 18:29 - 000714528 _____ (Sun Microsystems, Inc.) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
2013-03-01 21:00 - 2013-03-01 21:00 - 000897448 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
2013-04-05 15:44 - 2013-04-05 15:44 - 000904104 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
2013-06-13 16:36 - 2013-06-13 16:36 - 000903592 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 19:27 - 2013-10-08 19:27 - 000915368 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 18:06 - 2013-12-19 18:06 - 000921512 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
2014-04-15 21:50 - 2014-04-15 21:50 - 000921512 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
2014-07-11 22:12 - 2014-07-11 22:12 - 000918952 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 06:15 - 2014-07-28 06:15 - 000918440 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 18:06 - 2014-09-29 18:06 - 000937896 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
2017-07-26 06:56 - 2017-07-26 06:56 - 000739904 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-8u141-windows-au.exe
2014-12-18 18:29 - 2014-12-18 18:29 - 000641448 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-8u31-windows-au.exe
2015-08-27 15:30 - 2015-09-03 15:47 - 000585824 _____ (Oracle Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\jre-8u60-windows-au.exe
2004-07-10 03:56 - 2004-07-10 03:56 - 000169472 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\pclxl.dll
2004-08-04 12:26 - 2004-08-04 12:26 - 000264704 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\unidrv.dll
2004-08-04 12:14 - 2004-08-04 12:14 - 000197632 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\unidrvui.dll
2014-08-04 10:25 - 2014-08-04 10:22 - 000071554 _____ () C:\Documents and Settings\Hanka\Local Settings\Temp\Uninstall.exe
2004-08-04 12:13 - 2004-08-04 12:13 - 000619520 _____ (Microsoft Corporation) C:\Documents and Settings\Hanka\Local Settings\Temp\unires.dll
2014-02-25 13:53 - 2014-02-25 13:53 - 005169152 _____ (ImageMagick Studio) C:\Documents and Settings\Hanka\Local Settings\Temp\~convert1843834966835867283.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
Re: přetížený CPU - svchost.exe
1. vycisti PC s CCleanerom, vcetne registrov
restart
2. skontroluj vypnutie automatických aktualizacii Win
restart
2. skontroluj vypnutie automatických aktualizacii Win
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přetížený CPU - svchost.exe
V registrech mohu dát FIX u všech, které to proskenováním nalezlo?JaRon píše:1. vycisti PC s CCleanerom, vcetne registrov
restart
2. skontroluj vypnutie automatických aktualizacii Win
Re: přetížený CPU - svchost.exe
mozes, bez obav 
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přetížený CPU - svchost.exe
Použil jsem pouze Free verzi CCleaneru. V něm jsem použil záložku Cleaner a Registry a v obou jsem dal proskenovat z vymazat vše, co to našlo v Aplikacích i ve Windows. Po restartu PC je opět vše v pořádku, ale je otázkou na jak dlouho. Prosím o nezamykání tématu. Možná už to dnes plně neprověřím a je pravděpodobné, že v příštím týdnu se může problém vrátit (přes víkend u PC nebudu).
Děkuji.
EDIT: tak problém se navrátil dřív, než bych čekal. Cca 15 minut běželo PC v klidu a poté se začel opět vytáčet ventilátor do otáček a CPU je zase vytíženo oními 50% od svchost.exe.
Jestli to způsobuje zrovna brouzdání po internetových stránkách, to nedokážu tvrdit. Běžel mi mail na centrum.cz a listoval jsem facebookem. Kromě toho běžel ještě kreslící SW. Jinak jsem nic nespouštěl.
Děkuji.
EDIT: tak problém se navrátil dřív, než bych čekal. Cca 15 minut běželo PC v klidu a poté se začel opět vytáčet ventilátor do otáček a CPU je zase vytíženo oními 50% od svchost.exe.
Jestli to způsobuje zrovna brouzdání po internetových stránkách, to nedokážu tvrdit. Běžel mi mail na centrum.cz a listoval jsem facebookem. Kromě toho běžel ještě kreslící SW. Jinak jsem nic nespouštěl.
Re: přetížený CPU - svchost.exe
Prescanuj PC s MBAM v 1.75
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přetížený CPU - svchost.exe
Dnes od rána asi 15 minut běhu PC v pohodě a pak se to zase rozjelo. A to aniž bych spouštěl jakýkoliv SW, který by viditelně pracoval s internetem. Pomocí MBAM proskenován následně PC, nalezeno 7 podezřelých souborů, které však mám v PC už hódně let a nikdy problém nedělaly.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2017.11.27.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hanka :: HANKA [administrátor]
Ochrana: Povolena
27.11.2017 8:29:25
MBAM-log-2017-11-27 (13-42-24).txt
Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 602688
Uplynulý čas: 3 hodin, 46 minut, 36 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 7
D:\ostatní\Atlas podnebí ČR\arun.exe (Trojan.Oficla.H) -> Nebyla provedena žádná instrukce.
D:\X5.Designer.5.7.7\X5.Designer.5.7.7\keygen\wssetupkg.exe (HackTool.FilePatcher) -> Nebyla provedena žádná instrukce.
D:\X5.Designer.5.7.7\X5.Designer.5.7.7\keygen-CORE\CORE10k.EXE (PUP.Optional.IntroKeygen) -> Nebyla provedena žádná instrukce.
D:\Programy\BPS Spyware Adware Remover 8.2.10\bpssr.exe (Rogue.BulletProofSoftware) -> Nebyla provedena žádná instrukce.
E:\ostatní\arcsoft-panorama-maker-6-60094_ODxCracK.zip (Adware.InstallMonster) -> Nebyla provedena žádná instrukce.
E:\ostatní\HIpPlatkey.rar (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\ostatní\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
(konec)
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2017.11.27.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hanka :: HANKA [administrátor]
Ochrana: Povolena
27.11.2017 8:29:25
MBAM-log-2017-11-27 (13-42-24).txt
Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 602688
Uplynulý čas: 3 hodin, 46 minut, 36 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 7
D:\ostatní\Atlas podnebí ČR\arun.exe (Trojan.Oficla.H) -> Nebyla provedena žádná instrukce.
D:\X5.Designer.5.7.7\X5.Designer.5.7.7\keygen\wssetupkg.exe (HackTool.FilePatcher) -> Nebyla provedena žádná instrukce.
D:\X5.Designer.5.7.7\X5.Designer.5.7.7\keygen-CORE\CORE10k.EXE (PUP.Optional.IntroKeygen) -> Nebyla provedena žádná instrukce.
D:\Programy\BPS Spyware Adware Remover 8.2.10\bpssr.exe (Rogue.BulletProofSoftware) -> Nebyla provedena žádná instrukce.
E:\ostatní\arcsoft-panorama-maker-6-60094_ODxCracK.zip (Adware.InstallMonster) -> Nebyla provedena žádná instrukce.
E:\ostatní\HIpPlatkey.rar (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\ostatní\winamp563_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
(konec)
Přispějete na provoz fóra?