
Chrome - malware omniboxes

#1 Post by obr4z »

Hello, somehow omniboxes got onto my PC; please check the FRST log and advise what to do about it. The Addition log is attached.

Thanks for the reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Miroslav (administrator) on PC-KANCELAR on 11-03-2015 16:40:21
Running from C:\Users\Miroslav\Desktop
Loaded Profiles: Miroslav (Available profiles: Miroslav)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\41.0.2272.41\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\41.0.2272.41\remoting_host.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
(razercfg MFC Application) C:\Program Files (x86)\Razer\Lachesis\OSD.exe
() C:\Program Files (x86)\Razer\Lachesis\razertra.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ghisler Software GmbH) C:\Program Files\TotalCMD\TOTALCMD64.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Miroslav\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-07] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-07] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-01-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Policies\Explorer: []
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {bcdf6e9e-43ae-11e4-8267-a0d3c13f7eff} - "G:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKLM -> {707BC4A0-FB7A-4131-9DA5-14E54F088308} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKLM-x32 -> {707BC4A0-FB7A-4131-9DA5-14E54F088308} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-931785541-2971233630-2540198836-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKU\S-1-5-21-931785541-2971233630-2540198836-1001 -> {707BC4A0-FB7A-4131-9DA5-14E54F088308} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKU\S-1-5-21-931785541-2971233630-2540198836-1001 -> {EE804AE7-BB17-460D-8D8D-EB05F6A35E55} URL = https://search.yahoo.com/search?fr=chr- ... earchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{D8B99B1A-27EA-46D5-877A-68647B777EB8}: [NameServer] 10.0.0.138
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... 1794401479

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File

Chrome:
=======
CHR HomePage: Profile 1 -> https://www.google.cz/
CHR StartupUrls: Profile 1 -> "hxxp://google.cz/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Translate) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-05]
CHR Extension: (Google Drive) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]
CHR Extension: (YouTube) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]
CHR Extension: (Google Search) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]
CHR Extension: (Google Sheets) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]
CHR Extension: (Page Analytics (by Google)) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-01-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-05]
CHR Extension: (AdBlock) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-05]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-01-05]
CHR Extension: (Dropbox) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-01-05]
CHR Extension: (Type Sample) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jobccjjaffckfoggljonehppmldgmkmh [2015-02-27]
CHR Extension: (Wordpress Admin Bar Control) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\joldejophkhmeajgjenfnfdpfjkalckn [2015-01-20]
CHR Extension: (Převod měn) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjehaadplpgckpgeoddpnijogjaldela [2015-01-05]
CHR Extension: (Google Maps) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-01-05]
CHR Extension: (Google Mail Checker) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-05]
CHR Extension: (Hangouts) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-01-05]
CHR Extension: (Save to Pocket) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-01-06]
CHR Extension: (Google Wallet) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\41.0.2272.41\remoting_host.exe [56648 2015-02-01] (Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-07] (IDT, Inc.) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 Update Air Globe; "C:\Program Files (x86)\Air Globe\updateAirGlobe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-11-28] (Alcohol Soft Development Team)
S3 lachesis35g; C:\Windows\System32\drivers\lachesis35g.sys [11776 2012-12-10] (Razer USA Ltd) [File not signed]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-04] (Duplex Secure Ltd.)
R3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 16:40 - 2015-03-11 16:40 - 00023235 _____ () C:\Users\Miroslav\Desktop\FRST.txt
2015-03-11 16:39 - 2015-03-11 16:40 - 00000000 ____D () C:\FRST
2015-03-11 16:37 - 2015-03-11 16:37 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav\Desktop\FRSTLauncher.exe
2015-03-11 16:35 - 2015-03-11 16:35 - 02095616 _____ (Farbar) C:\Users\Miroslav\Desktop\FRST64.exe
2015-03-11 16:29 - 2015-03-11 16:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Miroslav\Downloads\hijackthis.exe
2015-03-11 16:29 - 2015-03-11 16:29 - 00010296 _____ () C:\Users\Miroslav\Downloads\hijackthis.log
2015-03-11 16:21 - 2015-03-11 16:21 - 01720017 _____ () C:\Users\Miroslav\Desktop\Romotop_KV662.skp
2015-03-11 16:10 - 2015-03-11 16:10 - 01272937 _____ () C:\Users\Miroslav\Downloads\kv662.skp
2015-03-11 16:10 - 2015-03-11 16:10 - 01083835 _____ () C:\Users\Miroslav\Desktop\prislusenstvi.rar
2015-03-11 15:42 - 2015-03-11 15:44 - 00000000 ____D () C:\AdwCleaner
2015-03-11 15:31 - 2015-03-11 15:32 - 00000000 ____D () C:\Users\Miroslav\Desktop\kv
2015-03-11 15:31 - 2015-03-11 15:31 - 00000788 _____ () C:\windows\setupact.log
2015-03-11 15:31 - 2015-03-11 15:31 - 00000000 _____ () C:\windows\setuperr.log
2015-03-11 15:24 - 2015-03-11 15:25 - 02171392 _____ () C:\Users\Miroslav\Desktop\adwcleaner_4.112.exe
2015-03-11 15:05 - 2015-03-11 15:18 - 00000000 ____D () C:\ProgramData\ASGVIS
2015-03-11 15:05 - 2015-03-11 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group
2015-03-11 14:57 - 2015-01-12 07:39 - 00002139 _____ () C:\Users\Miroslav\Desktop\AutoCAD 2015.lnk
2015-03-11 14:51 - 2015-03-11 14:51 - 00003120 _____ () C:\windows\SysWOW64\ALLFSAF14a.ocx
2015-03-11 14:51 - 2015-03-11 14:51 - 00002040 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk
2015-03-11 14:51 - 2015-03-11 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014
2015-03-11 14:33 - 2015-03-11 14:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-11 13:09 - 2015-03-11 13:23 - 00000000 ____D () C:\Program Files (x86)\Air Globe
2015-03-11 13:09 - 2015-03-11 13:09 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\QuickScan
2015-03-11 13:09 - 2015-03-11 13:09 - 00000000 ____D () C:\Program Files (x86)\b8d73ad6-1476-4f63-b012-bb37923f070e
2015-03-11 13:08 - 2015-03-11 15:45 - 00001720 _____ () C:\windows\Tasks\IHYDARN.job
2015-03-11 13:08 - 2015-03-11 13:20 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.8cV11.03
2015-03-11 13:08 - 2015-03-11 13:08 - 01958400 _____ (Cinema PlusV11.03) C:\Users\Miroslav\AppData\Roaming\IHYDARN.exe
2015-03-11 13:08 - 2015-03-11 13:08 - 00004738 _____ () C:\windows\System32\Tasks\IHYDARN
2015-03-11 13:08 - 2015-03-11 13:08 - 00000000 ____D () C:\Program Files (x86)\76c74ff0-07f5-4709-90c9-c05f8fa9bdac
2015-03-10 12:43 - 2015-03-10 12:39 - 00001282 _____ () C:\Users\Miroslav\Desktop\Adobe Dreamweaver CC 2014.lnk
2015-03-10 12:40 - 2015-03-10 12:40 - 00003514 _____ () C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mirdos@outlook.cz
2015-03-10 12:39 - 2015-03-10 12:39 - 00001282 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2015-03-10 12:28 - 2015-03-11 15:44 - 00007650 _____ () C:\windows\PFRO.log
2015-03-10 12:24 - 2015-03-10 17:24 - 00000000 ____D () C:\Users\Miroslav\Desktop\text
2015-03-10 10:47 - 2015-03-10 10:47 - 12518229 _____ () C:\Users\Miroslav\Downloads\Suntiware_13-2-DEMO.zip
2015-03-10 10:34 - 2015-03-10 12:04 - 00000000 ____D () C:\Program Files\Adobe
2015-03-10 10:31 - 2015-03-10 10:32 - 20613771 _____ () C:\Users\Miroslav\Downloads\suntiware_14-1.zip
2015-03-10 10:29 - 2015-03-10 10:29 - 00000000 ___RD () C:\Users\Miroslav\Creative Cloud Files
2015-03-10 10:13 - 2015-03-10 10:13 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\PDAppFlex
2015-03-10 10:02 - 2015-03-10 12:39 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-10 09:48 - 2015-03-10 09:48 - 00000000 ____D () C:\Users\Miroslav\DO~CUWG5
2015-03-09 22:30 - 2015-03-09 22:30 - 00005487 _____ () C:\Users\Miroslav\AppData\Roaming\IHYDARN
2015-03-09 10:07 - 2015-03-09 10:07 - 00002997 _____ () C:\Users\Miroslav\Desktop\XML Viewer.lnk
2015-03-09 10:05 - 2015-03-09 10:05 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer
2015-03-09 10:05 - 2015-03-09 10:05 - 00000000 ____D () C:\Program Files (x86)\MindFusion Limited
2015-03-02 07:16 - 2015-03-02 07:16 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2015-02-20 08:52 - 2015-02-20 08:52 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\NetDirect
2015-02-16 07:13 - 2015-03-11 15:56 - 01679951 _____ () C:\windows\WindowsUpdate.log
2015-02-14 11:00 - 2015-02-27 09:34 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\PioneerLog
2015-02-14 10:59 - 2015-02-14 10:59 - 00000000 ____D () C:\Users\Miroslav\Documents\rekordbox
2015-02-14 10:59 - 2015-02-14 10:59 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Pioneer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 16:36 - 2014-08-05 06:28 - 00000000 ____D () C:\Users\Miroslav\Documents\Soubory aplikace Outlook
2015-03-11 16:32 - 2014-08-04 09:07 - 00003994 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3DB0DA44-4792-493B-82B8-028069F1D3CB}
2015-03-11 16:28 - 2014-08-04 09:08 - 00000984 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-11 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-03-11 15:54 - 2014-08-04 09:04 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-931785541-2971233630-2540198836-1001
2015-03-11 15:49 - 2014-07-11 10:28 - 00724228 _____ () C:\windows\system32\perfh005.dat
2015-03-11 15:49 - 2014-07-11 10:28 - 00167054 _____ () C:\windows\system32\perfc005.dat
2015-03-11 15:49 - 2014-03-18 16:32 - 01748858 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-11 15:47 - 2014-08-04 09:08 - 00002482 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-11 15:45 - 2014-08-04 09:08 - 00000980 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 15:45 - 2014-08-04 09:01 - 00000000 __RDO () C:\Users\Miroslav\OneDrive
2015-03-11 15:44 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-11 15:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-11 15:08 - 2014-11-28 11:32 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\uTorrent
2015-03-11 15:04 - 2014-11-28 12:12 - 00000000 ____D () C:\Users\Miroslav\Downloads\torrent
2015-03-11 14:53 - 2014-08-04 12:33 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\SketchUp
2015-03-11 14:51 - 2014-08-04 12:31 - 00000000 ____D () C:\ProgramData\SketchUp
2015-03-11 14:51 - 2014-08-04 12:31 - 00000000 ____D () C:\Program Files (x86)\SketchUp
2015-03-11 14:37 - 2014-09-25 10:42 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\vlc
2015-03-11 14:37 - 2014-08-05 08:12 - 00000000 ____D () C:\Users\Miroslav\AppData\Local\Adobe
2015-03-11 14:35 - 2014-08-04 13:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-11 14:35 - 2014-08-04 08:59 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Adobe
2015-03-11 14:33 - 2014-08-04 13:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-11 13:35 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-03-11 13:20 - 2014-08-06 09:00 - 02481664 ___SH () C:\Users\Miroslav\Desktop\Thumbs.db
2015-03-11 13:20 - 2013-08-22 15:44 - 00497864 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-11 13:10 - 2014-08-04 08:59 - 00001641 _____ () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-11 13:10 - 2013-08-22 14:25 - 00000301 _____ () C:\windows\win.ini
2015-03-11 13:08 - 2014-08-04 11:55 - 00000000 ____D () C:\Program Files (x86)\Alcohol Soft
2015-03-11 13:01 - 2014-08-14 13:53 - 03885568 ___SH () C:\Users\Miroslav\Downloads\Thumbs.db
2015-03-10 17:27 - 2014-08-18 08:27 - 00000000 ___RD () C:\Users\Miroslav\Dropbox
2015-03-10 17:27 - 2014-08-04 08:59 - 00000000 ____D () C:\Users\Miroslav
2015-03-10 17:25 - 2014-08-18 08:26 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Dropbox
2015-03-06 13:55 - 2015-01-09 11:01 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\ViberPC
2015-03-06 13:55 - 2015-01-09 11:01 - 00000000 ____D () C:\Users\Miroslav\AppData\Local\Viber
2015-03-03 14:17 - 2014-08-11 07:18 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-27 17:32 - 2014-08-04 12:50 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\XnView
2015-02-27 17:24 - 2014-09-03 06:55 - 00000000 ____D () C:\Users\Miroslav\Documents\Reg
2015-02-26 15:09 - 2014-08-04 12:19 - 00000000 ____D () C:\Users\Miroslav\Desktop\Údržba
2015-02-20 10:22 - 2015-01-19 07:45 - 00000000 ____D () C:\Users\Miroslav\AppData\Local\netDirect
2015-02-14 10:24 - 2014-08-18 08:26 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 12:29 - 2014-08-04 09:08 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-09 07:23 - 2014-08-04 09:08 - 00003956 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 07:23 - 2014-08-04 09:08 - 00003720 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-02-18 05:12 - 2014-02-18 05:12 - 0121306 _____ () C:\Program Files\Acknowledgements.rtf
2014-10-15 05:42 - 2014-10-15 05:42 - 3022480 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_dsp.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0145040 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_link.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 1556112 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_manager.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0538768 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_musicid.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0273040 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_submit.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 2084648 _____ (Apple, Inc) C:\Program Files\iAdCore.dll
2014-02-18 05:07 - 2014-02-18 05:07 - 0112968 _____ (Apple Inc.) C:\Program Files\ITDetector.ocx
2014-10-15 05:42 - 2014-10-15 05:42 - 27444520 _____ (Apple Inc.) C:\Program Files\iTunes.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 4175144 _____ (Apple Inc.) C:\Program Files\iTunes.exe
2014-10-15 05:42 - 2014-10-15 05:42 - 0440104 _____ (Apple Inc.) C:\Program Files\iTunesAdmin.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0173352 _____ (Apple Inc.) C:\Program Files\iTunesHelper.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0157480 _____ (Apple Inc.) C:\Program Files\iTunesHelper.exe
2014-10-15 05:42 - 2014-10-15 05:42 - 0310568 _____ (Apple Inc.) C:\Program Files\iTunesOutlookAddIn.dll
2015-03-09 22:30 - 2015-03-09 22:30 - 0005487 _____ () C:\Users\Miroslav\AppData\Roaming\IHYDARN
2015-03-11 13:08 - 2015-03-11 13:08 - 1958400 _____ (Cinema PlusV11.03) C:\Users\Miroslav\AppData\Roaming\IHYDARN.exe
2015-01-06 17:06 - 2015-01-06 17:06 - 0000017 _____ () C:\Users\Miroslav\AppData\Local\resmon.resmoncfg
2014-08-18 15:02 - 2014-08-18 15:02 - 0000445 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Miroslav\AppData\Local\Temp\8205.exe
C:\Users\Miroslav\AppData\Local\Temp\8414.exe
C:\Users\Miroslav\AppData\Local\Temp\8950.exe
C:\Users\Miroslav\AppData\Local\Temp\b_setup.exe
C:\Users\Miroslav\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdt4wio.dll
C:\Users\Miroslav\AppData\Local\Temp\Quarantine.exe
C:\Users\Miroslav\AppData\Local\Temp\sqlite3.dll
C:\Users\Miroslav\AppData\Local\Temp\vcredist_vs2005_x86.exe
C:\Users\Miroslav\AppData\Local\Temp\vcredist_vs2010_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 07:30




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:226.35 GB) (Free:143.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.65 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DATADRIVE) (Fixed) (Total:2794.39 GB) (Free:2656.16 GB) NTFS

Available physical RAM: 14386.18 MB
Total physical RAM: 16337.06 MB
Percentage of memory in use: 11%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 238.5 GB) (Disk ID: 14418506)
Disk: 1 (Size: 2794.5 GB) (Disk ID: 73CFCDB3)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\IHYDARN.job => C:\Users\Miroslav\AppData\Roaming\IHYDARN.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Miroslav\OneDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Miroslav\Desktop" je 80 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(7.87 KiB) Downloaded 132 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Chrome - malware omniboxes

#2 Post by vyosek »

Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After launch, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear; alternatively it will be saved at c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member [image] since 1 February 2011.

obr4z
Visitor
Posts: 40
Joined: 09 Nov 2012 10:35

Re: Chrome - malware omniboxes

#3 Post by obr4z »

I already tried AdwCleaner myself this morning, so the latest log doesn't contain much information; I'm attaching all of today's AdwCleaner logs.

AdwCleaner

# AdwCleaner v4.112 - Logfile created 11/03/2015 at 17:32:04
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Miroslav - PC-KANCELAR
# Running from : C:\Users\Miroslav\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Google Chrome v41.0.2272.89


*************************

AdwCleaner[R0].txt - [7321 bytes] - [11/03/2015 15:42:57]
AdwCleaner[R1].txt - [899 bytes] - [11/03/2015 17:26:59]
AdwCleaner[R2].txt - [967 bytes] - [11/03/2015 17:31:19]
AdwCleaner[S0].txt - [7353 bytes] - [11/03/2015 15:44:21]
AdwCleaner[S1].txt - [966 bytes] - [11/03/2015 17:27:55]
AdwCleaner[S2].txt - [895 bytes] - [11/03/2015 17:32:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [953 bytes] ##########
Attachments
AdwCleaner.zip
(5.97 KiB) Downloaded 129 times

obr4z
Visitor
Posts: 40
Joined: 09 Nov 2012 10:35

Re: Chrome - malware omniboxes

#4 Post by obr4z »

zoek


Zoek.exe v5.0.0.0 Updated 10-March-2015
Tool run by Miroslav on st 11. 03. 2015 at 17:35:18,20.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Miroslav\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11. 3. 2015 17:35:37 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Air Globe deleted successfully
C:\PROGRA~2\CinemaP-1.8cV11.03 deleted successfully
C:\PROGRA~2\COMMON~1\PDF Architect deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Users\Miroslav\AppData\Roaming\QuickScan deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Internet Explorer\SearchScopes\{707BC4A0-FB7A-4131-9DA5-14E54F088308} deleted successfully
HKEY_USERS\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EE804AE7-BB17-460D-8D8D-EB05F6A35E55} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Air Globe not found
C:\PROGRA~2\CinemaP-1.8cV11.03 not found
C:\PROGRA~2\76c74ff0-07f5-4709-90c9-c05f8fa9bdac deleted
C:\PROGRA~2\b8d73ad6-1476-4f63-b012-bb37923f070e deleted
C:\Users\Public\Pokki deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Miroslav\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\tasks\IHYDARN.job deleted
C:\windows\SysNative\tasks\IHYDARN deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Miroslav\AppData\Roaming\IHYDARN.exe deleted
"C:\Users\Miroslav\AppData\Roaming\IHYDARN" deleted

==== Chromium Look ======================

Page Analytics (by Google) - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh
AdBlock - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom
TweetDeck by Twitter - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbdpomandigafcibbmofojjchbcdagbl
Type Sample - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jobccjjaffckfoggljonehppmldgmkmh
WP Admin Bar Hider - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\joldejophkhmeajgjenfnfdpfjkalckn
Převod měn - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kjehaadplpgckpgeoddpnijogjaldela
Save to Pocket - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Chrome Apps & Extensions Developer Tool - Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc

==== Chromium Fix ======================

C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jobccjjaffckfoggljonehppmldgmkmh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479"
"Default_Page_URL"="http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"
"Default_Page_URL"="http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479"
"Start Page"="http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479"
"Search Page"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"
"Default_Page_URL"="http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479"
"Start Page"="http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479"
"Search Page"="http://www.omniboxes.com/web/?type=ds&t ... earchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Miroslav\Desktop\Adobe Dreamweaver CC 2014.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
C:\Users\Miroslav\Desktop\AutoCAD 2015.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2015\acad.exe /product ACAD /language "cs-CZ"
C:\Users\Miroslav\Desktop\AutoHotkey.lnk - C:\Users\Miroslav\Desktop\Údržba\AutoHotkey.exe
C:\Users\Miroslav\Desktop\Beskydkrby.lnk - E:\Beskydkrby
C:\Users\Miroslav\Desktop\Excel 2010.lnk - C:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\Miroslav\Desktop\GoPro Studio.lnk - C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
C:\Users\Miroslav\Desktop\GoPro.lnk - E:\GoPro
C:\Users\Miroslav\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\Miroslav\Desktop\Notepad.lnk - C:\windows\system32\notepad.exe
C:\Users\Miroslav\Desktop\Outlook 2010.lnk - C:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\Users\Miroslav\Desktop\PSPad.lnk - C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\Users\Miroslav\Desktop\TISK.lnk - E:\Beskydkrby\Mix\TISK
C:\Users\Miroslav\Desktop\Word 2010.lnk - C:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\Users\Miroslav\Desktop\XML Viewer.lnk - C:\Users\Miroslav\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_18be6784.exe
C:\Users\Miroslav\Desktop\Údržba\Alcohol 120%.lnk -
C:\Users\Miroslav\Desktop\Údržba\CCleaner.lnk -
C:\Users\Miroslav\Desktop\Údržba\Dropbox.lnk -
C:\Users\Miroslav\Desktop\Údržba\LAN.lnk -
C:\Users\Miroslav\Desktop\Údržba\Revo Uninstaller.lnk -
C:\Users\Miroslav\Desktop\Údržba\Viber.lnk -
C:\Users\Miroslav\Desktop\Údržba\VLC.lnk -
C:\Users\Miroslav\Desktop\Údržba\µTorrent.lnk -
C:\Users\Miroslav\Desktop\Údržba\AutoHotkey\AutoHotkey.lnk -
C:\Users\Miroslav\Desktop\Údržba\AutoHotkey\AutoIt3 Window Spy.lnk -
C:\Users\Miroslav\Desktop\Údržba\AutoHotkey\AutoScriptWriter (recorder).lnk -
C:\Users\Miroslav\Desktop\Údržba\AutoHotkey\Convert .ahk to .exe.lnk -
C:\Users\Miroslav\Desktop\Údržba\AutoHotkey\Extras.lnk -
C:\Users\Miroslav\Desktop\Údržba\AutoHotkey\Website.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AutoCAD 2015.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2015\acad.exe /product ACAD /language "cs-CZ"
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... 1794401479
C:\Users\Public\Desktop\HEIN Active 2.0.lnk - C:\Program Files (x86)\Hein\hein.exe
C:\Users\Public\Desktop\POHODA 2014.lnk - \\Pc-pc\pohoda12\Pohoda.exe
C:\Users\Public\Desktop\RAUCAD TechCON.lnk - C:\Program Files (x86)\Atcon systems\RAUCAD-TechCON\TechCON.exe
C:\Users\Public\Desktop\SketchUp 2013.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2013\SketchUp.exe
C:\Users\Public\Desktop\SketchUp 2014.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\SketchUp.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... 1794401479
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk - C:\Users\Miroslav\AppData\Local\Viber\Viber.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Chrome Apps & Extensions Developer Tool.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spouštěč aplikací Chrome.lnk -
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetDirect\FastPohoda.lnk - C:\Users\Miroslav\AppData\Roaming\Microsoft\Installer\{55DF26BD-AFE1-4516-B8A5-37FF0FB15002}\_118B97279810470C008B86.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\windows\system32\cmd.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer\The MindFusion Forums.lnk - C:\Users\Miroslav\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_294823.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer\XML Viewer.lnk - C:\Users\Miroslav\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_18be6784.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1029-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\AutoCAD 2015 – Čeština (Czech).lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Dávková kontrola standardů.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Obnovit výchozí nastavení.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Pomůcka pro přenos licencí – AutoCAD 2015.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Připojit digitální podpisy.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Správce referencí.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Migrace uživatelských nastavení\Export nastavení aplikace AutoCAD 2015.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Migrace uživatelských nastavení\Import nastavení aplikace AutoCAD 2015.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 – Čeština (Czech)\Migrace uživatelských nastavení\Migrace z předchozí verze.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Uninstall Tool.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\Uninstall Tool\R1\UninstallTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Content Service\Služba obsahu – Konzola pro konfiguraci.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Uninstall V-Ray for SketchUp demo.lnk - C:\ProgramData\ASGVIS\Uninstall_VRayForSketchUp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Distributed Rendering\Launch the distributed rendering spawner.lnk - C:\ProgramData\ASGVIS\Common\x86\vc8\Distributed Rendering\XMLDRSpawner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Distributed Rendering 64-bit\Launch the distributed rendering spawner.lnk - C:\ProgramData\ASGVIS\Common\x64\vc10\Distributed Rendering\XMLDRSpawner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Documentation\V-Ray for SketchUp Online Documentation.lnk - C:\ProgramData\ASGVIS\Documentation\V-Ray for SketchUp 1.5 Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... 1794401479
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Co jsou iTunes.lnk - C:\Program Files (x86)\iTunes.Resources\cs.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor\Navštívit www stránku.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor\Nápověda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor\Odinstalovat.lnk - C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor\PSPad Editor.lnk - C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Lachesis\Enable Trayicon.lnk - C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Lachesis\Razer Lachesis Config.lnk - C:\Program Files (x86)\Razer\Lachesis\razercfg.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Lachesis\Razer Lachesis Help.lnk - C:\Program Files (x86)\Razer\Lachesis\Razercfg.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Lachesis\Razerzone Homepage.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014\LayOut.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\LayOut\LayOut.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014\SketchUp.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\SketchUp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014\Style Builder.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\Style Builder\Style Builder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office\Ekonomický systém POHODA 2015 (síťový klient) Premium.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STORMWARE Office\Stormware ISDOC Reader.lnk - C:\Program Files (x86)\STORMWARE\ISDOC Reader\StwISDOCReader.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... 1794401479
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PSPad.lnk - C:\Program Files (x86)\PSPad editor\PSPad.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Viber.lnk - C:\Users\Miroslav\AppData\Local\Viber\Viber.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... 1794401479
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2010.lnk - C:\windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spouštěč aplikací Chrome.lnk -
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Total Commander.lnk - C:\Program Files (x86)\TotalCMD\TOTALCMD64.EXE

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Miroslav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miroslav\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miroslav\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miroslav\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Miroslav\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1262 folders=187 248894039 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Miroslav\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Miroslav\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 11. 03. 2015 at 17:41:46,43 ======================

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Chrome - malware omniboxes

#5 Post by vyosek »

Please post a new log from FRST.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member (image) since 1 February 2011.

obr4z
Visitor
Visitor
Posts: 40
Registered: 09 Nov 2012 10:35

Re: Chrome - malware omniboxes

#6 Post by obr4z »

It looks like everything is fine now.

Thank you, and I am sending a contribution to support the forum..;)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Miroslav (administrator) on PC-KANCELAR on 12-03-2015 12:34:55
Running from C:\Users\Miroslav\Desktop
Loaded Profiles: Miroslav (Available profiles: Miroslav)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
(razercfg MFC Application) C:\Program Files (x86)\Razer\Lachesis\OSD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Autodesk, Inc.) C:\Program Files\Common Files\Autodesk Shared\WSCommCntr4\lib\WSCommCntr4.exe
() C:\Program Files (x86)\Razer\Lachesis\razertra.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(forum.viry.cz) C:\Users\Miroslav\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-07] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-07] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-01-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Policies\Explorer: []
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {bcdf6e9e-43ae-11e4-8267-a0d3c13f7eff} - "G:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll No File
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll No File
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Miroslav\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-931785541-2971233630-2540198836-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
Tcpip\..\Interfaces\{D8B99B1A-27EA-46D5-877A-68647B777EB8}: [NameServer] 10.0.0.138

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll No File

Chrome:
=======
CHR HomePage: Default -> https://www.google.cz/
CHR StartupUrls: Default -> "hxxp://google.cz/", "https://www.google.cz/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Page Analytics (by Google)) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2015-03-12]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-03-12]
CHR Extension: (AdBlock) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-12]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-03-12]
CHR Extension: (Dropbox) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-03-12]
CHR Extension: (Type Sample) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobccjjaffckfoggljonehppmldgmkmh [2015-03-12]
CHR Extension: (Wordpress Admin Bar Control) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\joldejophkhmeajgjenfnfdpfjkalckn [2015-03-12]
CHR Extension: (Převod měn) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjehaadplpgckpgeoddpnijogjaldela [2015-03-12]
CHR Extension: (Google Maps) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-03-12]
CHR Extension: (Google Mail Checker) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-03-12]
CHR Extension: (Hangouts) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-03-12]
CHR Extension: (Save to Pocket) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Miroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-07] (IDT, Inc.) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 Update Air Globe; "C:\Program Files (x86)\Air Globe\updateAirGlobe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-11-28] (Alcohol Soft Development Team)
S3 lachesis35g; C:\Windows\System32\drivers\lachesis35g.sys [11776 2012-12-10] (Razer USA Ltd) [File not signed]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-08-04] (Duplex Secure Ltd.)
R3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 07:32 - 2015-03-12 07:32 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2015-03-12 07:21 - 2015-03-12 12:26 - 00000980 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 07:21 - 2015-03-12 07:26 - 00000976 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 07:21 - 2015-03-12 07:21 - 00003952 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-12 07:21 - 2015-03-12 07:21 - 00003716 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-12 07:21 - 2015-03-12 07:21 - 00002282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 07:21 - 2015-03-12 07:21 - 00000950 _____ () C:\Users\Miroslav\Desktop\Stažené soubory.lnk
2015-03-12 07:21 - 2015-03-12 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-11 17:45 - 2015-03-11 17:45 - 00880208 _____ (Google Inc.) C:\Users\Miroslav\Downloads\ChromeSetup.exe
2015-03-11 17:41 - 2015-03-11 17:35 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-03-11 17:35 - 2015-03-11 17:41 - 00024058 _____ () C:\zoek-results.log
2015-03-11 17:35 - 2015-03-11 17:40 - 00000000 ____D () C:\zoek_backup
2015-03-11 17:34 - 2015-03-11 17:34 - 01305600 _____ () C:\Users\Miroslav\Desktop\zoek.exe
2015-03-11 17:25 - 2015-03-11 17:25 - 02171392 _____ () C:\Users\Miroslav\Desktop\adwcleaner_4.112.exe
2015-03-11 16:40 - 2015-03-12 12:35 - 00020282 _____ () C:\Users\Miroslav\Desktop\FRST.txt
2015-03-11 16:39 - 2015-03-12 12:34 - 00000000 ____D () C:\FRST
2015-03-11 16:37 - 2015-03-11 16:37 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav\Desktop\FRSTLauncher.exe
2015-03-11 16:35 - 2015-03-11 16:35 - 02095616 _____ (Farbar) C:\Users\Miroslav\Desktop\FRST64.exe
2015-03-11 15:42 - 2015-03-11 17:33 - 00000000 ____D () C:\AdwCleaner
2015-03-11 15:31 - 2015-03-11 15:31 - 00000788 _____ () C:\windows\setupact.log
2015-03-11 15:31 - 2015-03-11 15:31 - 00000000 _____ () C:\windows\setuperr.log
2015-03-11 15:05 - 2015-03-11 15:18 - 00000000 ____D () C:\ProgramData\ASGVIS
2015-03-11 15:05 - 2015-03-11 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group
2015-03-11 14:57 - 2015-01-12 07:39 - 00002139 _____ () C:\Users\Miroslav\Desktop\AutoCAD 2015.lnk
2015-03-11 14:51 - 2015-03-11 14:51 - 00003120 _____ () C:\windows\SysWOW64\ALLFSAF14a.ocx
2015-03-11 14:51 - 2015-03-11 14:51 - 00002040 _____ () C:\Users\Public\Desktop\SketchUp 2014.lnk
2015-03-11 14:51 - 2015-03-11 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014
2015-03-11 14:33 - 2015-03-11 14:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-10 12:43 - 2015-03-10 12:39 - 00001282 _____ () C:\Users\Miroslav\Desktop\Adobe Dreamweaver CC 2014.lnk
2015-03-10 12:40 - 2015-03-10 12:40 - 00003514 _____ () C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-mirdos@outlook.cz
2015-03-10 12:39 - 2015-03-10 12:39 - 00001282 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2015-03-10 12:28 - 2015-03-11 17:41 - 00007988 _____ () C:\windows\PFRO.log
2015-03-10 12:24 - 2015-03-12 11:46 - 00000000 ____D () C:\Users\Miroslav\Desktop\text
2015-03-10 10:47 - 2015-03-10 10:47 - 12518229 _____ () C:\Users\Miroslav\Downloads\Suntiware_13-2-DEMO.zip
2015-03-10 10:34 - 2015-03-10 12:04 - 00000000 ____D () C:\Program Files\Adobe
2015-03-10 10:31 - 2015-03-10 10:32 - 20613771 _____ () C:\Users\Miroslav\Downloads\suntiware_14-1.zip
2015-03-10 10:29 - 2015-03-10 10:29 - 00000000 ___RD () C:\Users\Miroslav\Creative Cloud Files
2015-03-10 10:13 - 2015-03-10 10:13 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\PDAppFlex
2015-03-10 10:02 - 2015-03-10 12:39 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-10 09:48 - 2015-03-10 09:48 - 00000000 ____D () C:\Users\Miroslav\DO~CUWG5
2015-03-09 10:07 - 2015-03-09 10:07 - 00002997 _____ () C:\Users\Miroslav\Desktop\XML Viewer.lnk
2015-03-09 10:05 - 2015-03-09 10:05 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer
2015-03-09 10:05 - 2015-03-09 10:05 - 00000000 ____D () C:\Program Files (x86)\MindFusion Limited
2015-02-20 08:52 - 2015-02-20 08:52 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\NetDirect
2015-02-16 07:13 - 2015-03-12 12:19 - 01959444 _____ () C:\windows\WindowsUpdate.log
2015-02-14 11:00 - 2015-02-27 09:34 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\PioneerLog
2015-02-14 10:59 - 2015-02-14 10:59 - 00000000 ____D () C:\Users\Miroslav\Documents\rekordbox
2015-02-14 10:59 - 2015-02-14 10:59 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Pioneer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 12:34 - 2014-08-05 06:28 - 00000000 ____D () C:\Users\Miroslav\Documents\Soubory aplikace Outlook
2015-03-12 12:19 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-03-12 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-03-12 10:20 - 2014-08-04 12:50 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\XnView
2015-03-12 08:53 - 2014-08-04 09:04 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-931785541-2971233630-2540198836-1001
2015-03-12 07:21 - 2014-08-04 09:08 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-12 07:21 - 2014-08-04 09:07 - 00000000 ____D () C:\Users\Miroslav\AppData\Local\Google
2015-03-12 07:20 - 2014-08-04 09:01 - 00000000 __RDO () C:\Users\Miroslav\OneDrive
2015-03-12 07:19 - 2014-08-05 08:12 - 00000000 ____D () C:\Users\Miroslav\AppData\Local\Adobe
2015-03-11 17:49 - 2014-08-04 09:07 - 00003994 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3DB0DA44-4792-493B-82B8-028069F1D3CB}
2015-03-11 17:46 - 2014-07-11 10:28 - 00724228 _____ () C:\windows\system32\perfh005.dat
2015-03-11 17:46 - 2014-07-11 10:28 - 00167054 _____ () C:\windows\system32\perfc005.dat
2015-03-11 17:46 - 2014-03-18 16:32 - 01748858 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-11 17:41 - 2014-07-11 01:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-11 17:41 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-11 17:40 - 2014-08-04 08:59 - 00001706 _____ () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-11 17:40 - 2013-08-22 16:36 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-03-11 17:25 - 2014-08-18 08:27 - 00000000 ___RD () C:\Users\Miroslav\Dropbox
2015-03-11 17:04 - 2014-08-18 08:26 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Dropbox
2015-03-11 16:45 - 2014-08-14 13:53 - 03887616 ___SH () C:\Users\Miroslav\Downloads\Thumbs.db
2015-03-11 15:44 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-03-11 15:08 - 2014-11-28 11:32 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\uTorrent
2015-03-11 15:04 - 2014-11-28 12:12 - 00000000 ____D () C:\Users\Miroslav\Downloads\torrent
2015-03-11 14:53 - 2014-08-04 12:33 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\SketchUp
2015-03-11 14:51 - 2014-08-04 12:31 - 00000000 ____D () C:\ProgramData\SketchUp
2015-03-11 14:51 - 2014-08-04 12:31 - 00000000 ____D () C:\Program Files (x86)\SketchUp
2015-03-11 14:37 - 2014-09-25 10:42 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\vlc
2015-03-11 14:35 - 2014-08-04 13:56 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-11 14:35 - 2014-08-04 08:59 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Adobe
2015-03-11 14:33 - 2014-08-04 13:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-11 13:20 - 2014-08-06 09:00 - 02481664 ___SH () C:\Users\Miroslav\Desktop\Thumbs.db
2015-03-11 13:20 - 2013-08-22 15:44 - 00497864 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-11 13:10 - 2013-08-22 14:25 - 00000301 _____ () C:\windows\win.ini
2015-03-11 13:08 - 2014-08-04 11:55 - 00000000 ____D () C:\Program Files (x86)\Alcohol Soft
2015-03-10 17:27 - 2014-08-04 08:59 - 00000000 ____D () C:\Users\Miroslav
2015-03-06 13:55 - 2015-01-09 11:01 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\ViberPC
2015-03-06 13:55 - 2015-01-09 11:01 - 00000000 ____D () C:\Users\Miroslav\AppData\Local\Viber
2015-03-03 14:17 - 2014-08-11 07:18 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-02-27 17:24 - 2014-09-03 06:55 - 00000000 ____D () C:\Users\Miroslav\Documents\Reg
2015-02-26 15:09 - 2014-08-04 12:19 - 00000000 ____D () C:\Users\Miroslav\Desktop\Údržba
2015-02-20 10:22 - 2015-01-19 07:45 - 00000000 ____D () C:\Users\Miroslav\AppData\Local\netDirect
2015-02-14 10:24 - 2014-08-18 08:26 - 00000000 ____D () C:\Users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-02-18 05:12 - 2014-02-18 05:12 - 0121306 _____ () C:\Program Files\Acknowledgements.rtf
2014-10-15 05:42 - 2014-10-15 05:42 - 3022480 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_dsp.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0145040 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_link.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 1556112 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_manager.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0538768 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_musicid.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0273040 _____ (Gracenote, Inc.) C:\Program Files\gnsdk_submit.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 2084648 _____ (Apple, Inc) C:\Program Files\iAdCore.dll
2014-02-18 05:07 - 2014-02-18 05:07 - 0112968 _____ (Apple Inc.) C:\Program Files\ITDetector.ocx
2014-10-15 05:42 - 2014-10-15 05:42 - 27444520 _____ (Apple Inc.) C:\Program Files\iTunes.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 4175144 _____ (Apple Inc.) C:\Program Files\iTunes.exe
2014-10-15 05:42 - 2014-10-15 05:42 - 0440104 _____ (Apple Inc.) C:\Program Files\iTunesAdmin.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0173352 _____ (Apple Inc.) C:\Program Files\iTunesHelper.dll
2014-10-15 05:42 - 2014-10-15 05:42 - 0157480 _____ (Apple Inc.) C:\Program Files\iTunesHelper.exe
2014-10-15 05:42 - 2014-10-15 05:42 - 0310568 _____ (Apple Inc.) C:\Program Files\iTunesOutlookAddIn.dll
2015-01-06 17:06 - 2015-01-06 17:06 - 0000017 _____ () C:\Users\Miroslav\AppData\Local\resmon.resmoncfg
2014-08-18 15:02 - 2014-08-18 15:02 - 0000445 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 07:30




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:226.35 GB) (Free:145.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.65 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DATADRIVE) (Fixed) (Total:2794.39 GB) (Free:2655.98 GB) NTFS

Available physical RAM: 14265.27 MB
Total physical RAM: 16337.06 MB
Percentage of memory in use: 12%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 238.5 GB) (Disk ID: 14418506)
Disk: 1 (Size: 2794.5 GB) (Disk ID: 73CFCDB3)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Miroslav\OneDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Miroslav\Desktop" je 6 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Chrome - malware omniboxes

#7 Post by vyosek »

→ On behalf of the whole team, thank you for supporting the forum

→ Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
    HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
    HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
    HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
    HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Policies\Explorer: [] 
    HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {bcdf6e9e-43ae-11e4-8267-a0d3c13f7eff} - "G:\HTC_Sync_Manager_PC.exe" 
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... 4401479&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... 4401479&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    
    S2 Update Air Globe; "C:\Program Files (x86)\Air Globe\updateAirGlobe.exe" [X]
    U3 McAPExe; No ImagePath
    U3 McMPFSvc; No ImagePath
    U3 McNaiAnn; No ImagePath
    U3 mcpltsvc; No ImagePath
    U3 mfecore; No ImagePath
    U3 MSK80Service; No ImagePath
    
    2015-03-11 17:45 - 2015-03-11 17:45 - 00880208 _____ (Google Inc.) C:\Users\Miroslav\Downloads\ChromeSetup.exe
    2015-03-11 17:41 - 2015-03-11 17:35 - 00024064 _____ () C:\windows\zoek-delete.exe
    2015-03-11 17:35 - 2015-03-11 17:41 - 00024058 _____ () C:\zoek-results.log
    2015-03-11 17:35 - 2015-03-11 17:40 - 00000000 ____D () C:\zoek_backup
    2015-03-11 17:34 - 2015-03-11 17:34 - 01305600 _____ () C:\Users\Miroslav\Desktop\zoek.exe
    2015-03-11 17:25 - 2015-03-11 17:25 - 02171392 _____ () C:\Users\Miroslav\Desktop\adwcleaner_4.112.exe
    2015-03-11 16:40 - 2015-03-12 12:35 - 00020282 _____ () C:\Users\Miroslav\Desktop\FRST.txt
    2015-03-11 16:37 - 2015-03-11 16:37 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav\Desktop\FRSTLauncher.exe
    2015-03-11 15:42 - 2015-03-11 17:33 - 00000000 ____D () C:\AdwCleaner
    2015-03-11 15:31 - 2015-03-11 15:31 - 00000788 _____ () C:\windows\setupact.log
    2015-03-11 15:31 - 2015-03-11 15:31 - 00000000 _____ () C:\windows\setuperr.log
    
    Task: C:\windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    AlternateDataStreams: C:\ProgramData\Temp:054203E4
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting text file as fixlist.txt
  • Move the fixlist into the same folder as FRST
→ Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

obr4z
Visitor
Posts: 40
Registered: 09 Nov 2012 10:35

Re: Chrome - malware omniboxes

#8 Post by obr4z »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Miroslav at 2015-03-19 12:32:36 Run:1
Running from C:\Users\Miroslav\Desktop
Loaded Profiles: Miroslav (Available profiles: Miroslav)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Run: [GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\Policies\Explorer: []
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\...\MountPoints2: {bcdf6e9e-43ae-11e4-8267-a0d3c13f7eff} - "G:\HTC_Sync_Manager_PC.exe"

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... 4401479&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... 1794401479
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... 4401479&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

S2 Update Air Globe; "C:\Program Files (x86)\Air Globe\updateAirGlobe.exe" [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

2015-03-11 17:45 - 2015-03-11 17:45 - 00880208 _____ (Google Inc.) C:\Users\Miroslav\Downloads\ChromeSetup.exe
2015-03-11 17:41 - 2015-03-11 17:35 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-03-11 17:35 - 2015-03-11 17:41 - 00024058 _____ () C:\zoek-results.log
2015-03-11 17:35 - 2015-03-11 17:40 - 00000000 ____D () C:\zoek_backup
2015-03-11 17:34 - 2015-03-11 17:34 - 01305600 _____ () C:\Users\Miroslav\Desktop\zoek.exe
2015-03-11 17:25 - 2015-03-11 17:25 - 02171392 _____ () C:\Users\Miroslav\Desktop\adwcleaner_4.112.exe
2015-03-11 16:40 - 2015-03-12 12:35 - 00020282 _____ () C:\Users\Miroslav\Desktop\FRST.txt
2015-03-11 16:37 - 2015-03-11 16:37 - 00112640 _____ (forum.viry.cz) C:\Users\Miroslav\Desktop\FRSTLauncher.exe
2015-03-11 15:42 - 2015-03-11 17:33 - 00000000 ____D () C:\AdwCleaner
2015-03-11 15:31 - 2015-03-11 15:31 - 00000788 _____ () C:\windows\setupact.log
2015-03-11 15:31 - 2015-03-11 15:31 - 00000000 _____ () C:\windows\setuperr.log

Task: C:\windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:054203E4

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Lachesis => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => value deleted successfully.
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => value deleted successfully.
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_32355425123F7F9C052AB58FA7004C44 => value deleted successfully.
HKU\S-1-5-21-931785541-2971233630-2540198836-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
"HKU\S-1-5-21-931785541-2971233630-2540198836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcdf6e9e-43ae-11e4-8267-a0d3c13f7eff}" => Key deleted successfully.
HKCR\CLSID\{bcdf6e9e-43ae-11e4-8267-a0d3c13f7eff} => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Update Air Globe => Service deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
"C:\Users\Miroslav\Downloads\ChromeSetup.exe" => File/Directory not found.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
"C:\Users\Miroslav\Desktop\zoek.exe" => File/Directory not found.
"C:\Users\Miroslav\Desktop\adwcleaner_4.112.exe" => File/Directory not found.
"C:\Users\Miroslav\Desktop\FRST.txt" => File/Directory not found.
C:\Users\Miroslav\Desktop\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\windows\setupact.log => Moved successfully.
C:\windows\setuperr.log => Moved successfully.
C:\windows\Tasks\DriverNavigator Scheduled Scan.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 246.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:32:43 ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Chrome - malware omniboxes

#9 Post by vyosek »

How is the PC behaving?

obr4z
Visitor
Posts: 40
Registered: 09 Nov 2012 10:35

Re: Chrome - malware omniboxes

#10 Post by obr4z »

It looks like everything works as it should, except for one thing: I use MS Outlook 2010, and PDF attachments used to be displayed directly in the email preview; now only an error message from the PDF Preview Handler is shown (see screenshot). Reinstalling Adobe Reader does not help.
[image]

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Chrome - malware omniboxes

#11 Post by vyosek »
