
Virus removal, PC speed-up, remote assistance via the neslape.cz service
Slow PC, please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by Vítek (administrator) on VITEK on 12-02-2014 12:21:20
Running from C:\Users\Vítek\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2615624 2007-10-23] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [906648 2007-10-23] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-10-23] (Acronis)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [OEXPRESS] - [X]
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\RunOnce: [SeznamInstall-uninstall:d2ebb425674ee88734492a0eb4ff51d5] - C:\Users\VTEK~1\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2014-02-11] ()
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {44f9f64e-afea-11dc-951f-001a4d56511b} - I:\setupSNK.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {74373a53-f86d-11df-aa3a-001a4d56511b} - D:\APPInst.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} - D:\SETUP95.EXE
Lsa: [Authentication Packages] msv1_0 relog_ap
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60040
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKCU - {7A6A937F-8E0B-4C15-9E84-46A6F933476C} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... 093&lng=cs
SearchScopes: HKCU - {FC243A73-96A4-4616-99B3-4B39B98BE6C3} URL = http://websearch.ask.com/redirect?clien ... F80389D5CC
BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll (Seznam.cz a.s.)
Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll (Seznam.cz a.s.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.oriflame-e-kosmetika.cz/
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=alxf-2.19&src=ab&aid=zPL4e1Kgie00o%2B&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vítek\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vítek\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Vítek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\firmycz.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\inbox-hledn.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\web-search-powered-by-google.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\zbocz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-09-23]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\cs@dictionaries.addons.mozilla.org [2013-01-22]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-05]
FF Extension: Seznam lištička - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-03-29]
FF Extension: No Name - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\toolbar@alexa.com.xpi [2011-07-03]
FF Extension: No Name - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi [2011-06-08]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-02-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-03-13]
Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Google Wallet) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-09-25]
CHR Extension: (Gmail) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR StartMenuInternet: Google Chrome - C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S4 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S4 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-10-23] (Acronis)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-22] (ESET)
S4 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2005-01-04] (The Firebird Project)
S4 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1527893 2005-01-04] (The Firebird Project)
S4 KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2454016 2011-01-10] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S4 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S4 Printer Control; C:\Windows\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [495832 2007-10-23] ()
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21275 2007-12-21] (Meetinghouse Data Communications)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [81936 2011-06-06] (Advanced Micro Devices)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [33656 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2011-08-04] (ESET)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-02-07] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-02-07] (Acronis)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RT61; system32\DRIVERS\RT61.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-12 12:07 - 2014-02-12 12:21 - 00022484 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-12 12:01 - 2014-02-12 12:02 - 00000000 ____D () C:\FRST
2014-02-12 12:00 - 2014-02-12 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 11:59 - 2014-02-12 11:59 - 01139712 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:15 - 2014-02-10 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:04 - 2014-02-06 19:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 16:15 - 2014-02-06 15:13 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000000 ____D () C:\Program Files\SendMails
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:15 - 2014-01-21 11:39 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:15 - 2014-01-21 11:39 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:15 - 2014-01-21 11:39 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:15 - 2014-01-21 11:39 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:15 - 2014-01-21 11:39 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:15 - 2014-01-21 11:39 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:15 - 2014-01-21 11:39 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:15 - 2014-01-21 11:39 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:17 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 09:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 09:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 09:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 09:16 - 2014-01-16 09:17 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
==================== One Month Modified Files and Folders =======
2014-02-12 12:21 - 2014-02-12 12:07 - 00022484 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-12 12:02 - 2014-02-12 12:01 - 00000000 ____D () C:\FRST
2014-02-12 12:00 - 2014-02-12 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 11:59 - 2014-02-12 11:59 - 01139712 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-12 11:57 - 2009-07-01 07:27 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job
2014-02-12 11:40 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 11:40 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 11:04 - 2010-01-29 10:30 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 09:04 - 2010-01-29 10:30 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 07:57 - 2009-07-01 07:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job
2014-02-12 07:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 07:40 - 2007-12-21 19:18 - 02043179 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 23:22 - 2006-11-02 11:33 - 01684402 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 22:30 - 2007-12-26 01:08 - 00000000 ____D () C:\Program Files\Google
2014-02-11 22:25 - 2014-01-06 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\Seznam.cz
2014-02-11 22:25 - 2009-04-30 11:14 - 00000000 ____D () C:\Program Files\Nokia
2014-02-11 22:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 22:08 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-11 20:26 - 2012-09-28 22:22 - 00000000 ____D () C:\ProgramData\firebird
2014-02-11 20:26 - 2011-04-18 22:11 - 00000000 ____D () C:\Users\Vítek\Documents\MailStore Home
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:16 - 2014-02-10 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 14:03 - 2012-04-24 22:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-08 00:55 - 2009-03-08 22:41 - 00000000 ____D () C:\FORM studio 2009
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:05 - 2014-02-06 19:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 19:04 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\Microsoft NT Ident
2014-02-06 15:13 - 2014-02-04 16:15 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000000 ____D () C:\Program Files\SendMails
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 15:32 - 2012-04-11 06:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 15:32 - 2011-06-28 07:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 16:15 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\SendMails
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 09:44 - 2008-12-08 20:44 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\SmarThru4
2014-02-04 00:30 - 2009-03-09 15:49 - 00002079 _____ () C:\Users\Vítek\Desktop\Google Chrome.lnk
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-02-03 23:00 - 2007-12-19 23:09 - 00082432 _____ () C:\Users\Vítek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 14:29 - 2008-01-19 12:36 - 00000000 ____D () C:\Users\Vítek\Documents\_Pajuska
2014-02-01 16:35 - 2008-01-11 18:06 - 00000000 ___SD () C:\Users\Vítek\Documents\Weby
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:40 - 2012-02-25 17:28 - 00000000 ____D () C:\Users\Vítek\Documents\log
2014-01-21 11:39 - 2014-01-21 11:15 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:39 - 2014-01-21 11:15 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:39 - 2014-01-21 11:15 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:39 - 2014-01-21 11:15 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:39 - 2014-01-21 11:15 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:39 - 2014-01-21 11:15 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:39 - 2014-01-21 11:15 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:39 - 2014-01-21 11:15 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:18 - 2013-09-14 20:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 09:18 - 2011-08-10 12:29 - 00000000 ____D () C:\Users\Vítek\AppData\Local\Adobe
2014-01-16 09:17 - 2014-01-16 09:16 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 09:17 - 2013-09-14 20:41 - 00000000 ____D () C:\Program Files\Java
2014-01-16 01:18 - 2007-11-16 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 01:15 - 2013-08-14 12:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 01:12 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
Some content of TEMP:
====================
C:\Users\oem.oem-PC\AppData\Local\Temp\AutoRun.exe
C:\Users\oem.oem-PC\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\oem.oem-PC\AppData\Local\Temp\EAInstall.dll
C:\Users\oem.oem-PC\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\oem.oem-PC\AppData\Local\Temp\Harry Potter and the Order of the Phoenix_uninst.exe
C:\Users\Vítek\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-12 10:17
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:207.45 GB) (Free:40.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Available physical RAM: 784.62 MB
Total physical RAM: 2045.77 MB
Percentage of memory in use: 61%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 298 GB) (Disk ID: 6CF5A4D6)
Partition 1: (Active) - (Size=207 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=91 GB) - (Type=05)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Vítek\Desktop" je 8876 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3170 Scan2PC
"C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp
C:\Windows\system32\PrintDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr
C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG
C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk
C:\PROGRA~1\RALINK\Common\RaUI.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Smart Panel.lnk
C:\Windows\Samsung\PanelMgr\SSMMgr.exe /smartpanel %Samsung CLX-3170 Series% [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kooperativa - PDF Server.lnk
C:\PROGRA~1\KOOPER~1\KoopPxBN\KOOPPD~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE /noballoononstart [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
C:\PROGRA~1\Clarus\SAMSUN~1\ISFGuage.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-02-07] (Acronis)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RT61; system32\DRIVERS\RT61.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-12 12:07 - 2014-02-12 12:21 - 00022484 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-12 12:01 - 2014-02-12 12:02 - 00000000 ____D () C:\FRST
2014-02-12 12:00 - 2014-02-12 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 11:59 - 2014-02-12 11:59 - 01139712 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:15 - 2014-02-10 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:04 - 2014-02-06 19:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 16:15 - 2014-02-06 15:13 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000000 ____D () C:\Program Files\SendMails
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:15 - 2014-01-21 11:39 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:15 - 2014-01-21 11:39 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:15 - 2014-01-21 11:39 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:15 - 2014-01-21 11:39 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:15 - 2014-01-21 11:39 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:15 - 2014-01-21 11:39 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:15 - 2014-01-21 11:39 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:15 - 2014-01-21 11:39 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:17 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 09:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 09:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 09:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 09:16 - 2014-01-16 09:17 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
==================== One Month Modified Files and Folders =======
2014-02-12 12:21 - 2014-02-12 12:07 - 00022484 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-12 12:02 - 2014-02-12 12:01 - 00000000 ____D () C:\FRST
2014-02-12 12:00 - 2014-02-12 12:00 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 11:59 - 2014-02-12 11:59 - 01139712 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-12 11:57 - 2009-07-01 07:27 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job
2014-02-12 11:40 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 11:40 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 11:04 - 2010-01-29 10:30 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 09:04 - 2010-01-29 10:30 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 07:57 - 2009-07-01 07:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job
2014-02-12 07:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 07:40 - 2007-12-21 19:18 - 02043179 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 23:22 - 2006-11-02 11:33 - 01684402 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 22:30 - 2007-12-26 01:08 - 00000000 ____D () C:\Program Files\Google
2014-02-11 22:25 - 2014-01-06 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\Seznam.cz
2014-02-11 22:25 - 2009-04-30 11:14 - 00000000 ____D () C:\Program Files\Nokia
2014-02-11 22:09 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 22:08 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-11 20:26 - 2012-09-28 22:22 - 00000000 ____D () C:\ProgramData\firebird
2014-02-11 20:26 - 2011-04-18 22:11 - 00000000 ____D () C:\Users\Vítek\Documents\MailStore Home
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:16 - 2014-02-10 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 14:03 - 2012-04-24 22:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-08 00:55 - 2009-03-08 22:41 - 00000000 ____D () C:\FORM studio 2009
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:05 - 2014-02-06 19:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 19:04 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\Microsoft NT Ident
2014-02-06 15:13 - 2014-02-04 16:15 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000000 ____D () C:\Program Files\SendMails
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 15:32 - 2012-04-11 06:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 15:32 - 2011-06-28 07:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 16:15 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\SendMails
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 09:44 - 2008-12-08 20:44 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\SmarThru4
2014-02-04 00:30 - 2009-03-09 15:49 - 00002079 _____ () C:\Users\Vítek\Desktop\Google Chrome.lnk
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-02-03 23:00 - 2007-12-19 23:09 - 00082432 _____ () C:\Users\Vítek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 14:29 - 2008-01-19 12:36 - 00000000 ____D () C:\Users\Vítek\Documents\_Pajuska
2014-02-01 16:35 - 2008-01-11 18:06 - 00000000 ___SD () C:\Users\Vítek\Documents\Weby
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:40 - 2012-02-25 17:28 - 00000000 ____D () C:\Users\Vítek\Documents\log
2014-01-21 11:39 - 2014-01-21 11:15 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:39 - 2014-01-21 11:15 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:39 - 2014-01-21 11:15 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:39 - 2014-01-21 11:15 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:39 - 2014-01-21 11:15 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:39 - 2014-01-21 11:15 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:39 - 2014-01-21 11:15 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:39 - 2014-01-21 11:15 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:18 - 2013-09-14 20:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 09:18 - 2011-08-10 12:29 - 00000000 ____D () C:\Users\Vítek\AppData\Local\Adobe
2014-01-16 09:17 - 2014-01-16 09:16 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 09:17 - 2013-09-14 20:41 - 00000000 ____D () C:\Program Files\Java
2014-01-16 01:18 - 2007-11-16 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 01:15 - 2013-08-14 12:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 01:12 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
Some content of TEMP:
====================
C:\Users\oem.oem-PC\AppData\Local\Temp\AutoRun.exe
C:\Users\oem.oem-PC\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\oem.oem-PC\AppData\Local\Temp\EAInstall.dll
C:\Users\oem.oem-PC\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\oem.oem-PC\AppData\Local\Temp\Harry Potter and the Order of the Phoenix_uninst.exe
C:\Users\Vítek\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-12 10:17
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:207.45 GB) (Free:40.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Available physical RAM: 784.62 MB
Total physical RAM: 2045.77 MB
Percentage of memory in use: 61%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 298 GB) (Disk ID: 6CF5A4D6)
Partition 1: (Active) - (Size=207 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=91 GB) - (Type=05)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Vítek\Desktop" je 8876 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3170 Scan2PC
"C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp
C:\Windows\system32\PrintDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr
C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG
C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk
C:\PROGRA~1\RALINK\Common\RaUI.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Smart Panel.lnk
C:\Windows\Samsung\PanelMgr\SSMMgr.exe /smartpanel %Samsung CLX-3170 Series% [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kooperativa - PDF Server.lnk
C:\PROGRA~1\KOOPER~1\KoopPxBN\KOOPPD~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE /noballoononstart [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
C:\PROGRA~1\Clarus\SAMSUN~1\ISFGuage.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119534
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, please check my log
Hello!
Open Notepad and copy the following into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Start
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {44f9f64e-afea-11dc-951f-001a4d56511b} - I:\setupSNK.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {74373a53-f86d-11df-aa3a-001a4d56511b} - D:\APPInst.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} - D:\SETUP95.EXE
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60040
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80093&lng=cs
SearchScopes: HKCU - {FC243A73-96A4-4616-99B3-4B39B98BE6C3} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=82C99375-961B-44D9-B28B-5F9A2E57226D&apn_sauid=95CECEEE-2CF6-407B-A01B-AEF80389D5CC
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - No File
FF ProfilePath: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default
FF SearchEngineOrder.1: Ask.com
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=a ... e00o%2B&q=
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\inbox-hledn.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\web-search-powered-by-google.xml
FF Extension: No Name - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\toolbar@alexa.com.xpi [2011-07-03]
FF Extension: No Name - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi [2011-06-08]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-02-06]
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job
C:\ProgramData\ezsid.dat
C:\Users\oem.oem-PC\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow PC, please check my log
Output after running the Fix:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014
Ran by Vítek at 2014-02-12 21:12:01 Run:1
Running from C:\Users\Vítek\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {44f9f64e-afea-11dc-951f-001a4d56511b} - I:\setupSNK.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {74373a53-f86d-11df-aa3a-001a4d56511b} - D:\APPInst.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} - D:\SETUP95.EXE
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
URLSearchHook: HKCU - (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60040
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80093&lng=cs
SearchScopes: HKCU - {FC243A73-96A4-4616-99B3-4B39B98BE6C3} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=82C99375-961B-44D9-B28B-5F9A2E57226D&apn_sauid=95CECEEE-2CF6-407B-A01B-AEF80389D5CC
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - No File
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - No File
FF ProfilePath: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default
FF SearchEngineOrder.1: Ask.com
FF Keyword.URL: hxxp://search.toolbars.alexa.com/?ver=a ... e00o%2B&q=
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\inbox-hledn.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\web-search-powered-by-google.xml
FF Extension: No Name - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\toolbar@alexa.com.xpi [2011-07-03]
FF Extension: No Name - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi [2011-06-08]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-02-06]
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job
C:\ProgramData\ezsid.dat
C:\Users\oem.oem-PC\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job => C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44f9f64e-afea-11dc-951f-001a4d56511b} => Key not found.
HKCR\CLSID\{44f9f64e-afea-11dc-951f-001a4d56511b} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74373a53-f86d-11df-aa3a-001a4d56511b} => Key not found.
HKCR\CLSID\{74373a53-f86d-11df-aa3a-001a4d56511b} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} => Key not found.
HKCR\CLSID\{d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC243A73-96A4-4616-99B3-4B39B98BE6C3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FC243A73-96A4-4616-99B3-4B39B98BE6C3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
C:\Program Files\Google\Google Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Value deleted successfully.
HKCR\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => Value deleted successfully.
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCR\PROTOCOLS\Handler\about => Key deleted successfully.
HKCR\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} => Unable to delete key
HKCR\PROTOCOLS\Handler\res => Key deleted successfully.
HKCR\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} => Unable to delete key
C:\Program Files\Google\Google Toolbar => Should not be moved.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\askcom.xml => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-1.xml => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin-2.xml => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\icqplugin.xml => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\inbox-hledn.xml => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\searchplugins-backup => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\web-search-powered-by-google.xml => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\toolbar@alexa.com.xpi => Moved successfully.
C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job => Moved successfully.
C:\ProgramData\ezsid.dat => Moved successfully.
C:\Users\oem.oem-PC\AppData\Local\Temp => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002Core.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102432394-2755357371-3648797907-1002UA.job not found.
==== End of Fixlog ====
- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, please check my log
Deleted. Has anything changed?
Re: Slow PC, please check my log
I couldn't start the PC (Windows didn't boot). I only got it running after a system restore (to a point 2 days old). Then I ran the fix.
- Rudy
- Site Admin
Re: Slow PC, please check my log
OK. That can happen occasionally. Has the speed improved at all?
Re: Slow PC, please check my log
It seems to me that the speed is the same or very slightly faster.
- Rudy
- Site Admin
Re: Slow PC, please check my log
OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Re: Slow PC, please check my log
Here is the new log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014
Ran by Vítek (administrator) on VITEK on 14-02-2014 01:15:48
Running from C:\Users\Vítek\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(ABBYY) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
() C:\Program Files\Kooperativa\Services\KoopPDFServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\Vítek\AppData\Roaming\Seznam.cz\szninstall.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\PING.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2615624 2007-10-23] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [906648 2007-10-23] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-10-23] (Acronis)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [OEXPRESS] - [X]
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-13] (Google Inc.)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [Google Update] - C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-03-09] (Google Inc.)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Vítek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Vítek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [{E17D4FA8-14FA-09AA-A22B-B5450757126A}] - C:\Users\Vítek\AppData\Roaming\SmarThru4\SmarThru4xpers.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {44f9f64e-afea-11dc-951f-001a4d56511b} - I:\setupSNK.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {74373a53-f86d-11df-aa3a-001a4d56511b} - D:\APPInst.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {856d1b10-aff0-11dc-bbf7-806e6f6e6963} - I:\autorun.EXE
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} - D:\SETUP95.EXE
Lsa: [Authentication Packages] msv1_0 relog_ap
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {09FE69F2-7673-4647-8D6E-54AD4A476931} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {31047C32-35F4-4397-9CD3-6577ED642C29} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {44535E1B-B9F1-43C3-9E89-3820E981DBEB} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {64BA73B2-D017-4041-B11D-1BC0D47B5ECB} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {7A6A937F-8E0B-4C15-9E84-46A6F933476C} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {ACD5ADCA-A900-4484-92B9-D84A308071F1} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {B13612A7-9636-4B61-B56E-C52585042FD9} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {B392C84E-531F-4271-9B6E-E79E120FB726} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {F967467D-238B-45C8-9F0F-81AE41FD8969} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll (Seznam.cz a.s.)
Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKCU - &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll (Seznam.cz a.s.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default
FF Homepage: hxxp://www.oriflame-e-kosmetika.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vítek\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vítek\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Vítek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\firmycz.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\zbocz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-09-23]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\cs@dictionaries.addons.mozilla.org [2013-01-22]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-05]
FF Extension: Seznam lištička - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-03-13]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\V\u00EDtek\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\V\u00EDtek\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\V\u00EDtek\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (No Name) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-01-06]
CHR Extension: (No Name) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-01-06]
CHR Extension: (YouTube) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Vyhledávání Google) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Peněženka Google) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (No Name) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-01-06]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-09-25]
CHR Extension: (Gmail) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR StartMenuInternet: Google Chrome - C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-10-23] (Acronis)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-22] (ESET)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2005-01-04] (The Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1527893 2005-01-04] (The Firebird Project)
R2 KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2454016 2011-01-10] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [495832 2007-10-23] ()
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21275 2007-12-21] (Meetinghouse Data Communications)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [81936 2011-06-06] (Advanced Micro Devices)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [33656 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2011-08-04] (ESET)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-12] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-02-07] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-02-07] (Acronis)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-09-15] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-09-15] (Windows (R) Codename Longhorn DDK provider)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RT61; system32\DRIVERS\RT61.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-14 01:15 - 2014-02-14 01:15 - 00024733 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-14 01:15 - 2014-02-14 01:15 - 00015327 _____ () C:\Users\Vítek\Desktop\LM.bat
2014-02-14 01:03 - 2014-02-14 01:03 - 00000000 ____D () C:\_OTM
2014-02-14 00:30 - 2014-02-14 00:31 - 00522240 _____ (OldTimer Tools) C:\Users\Vítek\Desktop\OTM.exe
2014-02-13 21:08 - 2014-02-13 21:08 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{BBCF5ABA-1E9C-4857-8BAB-3A6AB08CB7B3}
2014-02-13 09:07 - 2014-02-13 09:08 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{80EA4550-1A2E-439D-BB21-00447EC5520E}
2014-02-12 21:16 - 2014-02-12 21:19 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-12 21:16 - 2014-02-12 21:16 - 00000866 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 21:16 - 2014-02-12 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 21:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 21:11 - 2014-02-14 01:15 - 00029696 _____ () C:\Users\Vítek\AppData\Local\MSGBOX.EXE
2014-02-12 21:10 - 2014-02-12 21:10 - 01141248 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-12 21:09 - 2014-02-12 21:09 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 19:11 - 2014-02-12 19:11 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{70178661-68E3-44CF-9C3E-53323359B712}
2014-02-12 18:57 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:57 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:57 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:57 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:57 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:57 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:57 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:57 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:57 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:57 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:57 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 18:57 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:16 - 2014-02-12 18:16 - 00000000 ____D () C:\Users\oem.oem-PC\AppData\Roaming\Seznam.cz
2014-02-12 14:32 - 2014-02-12 23:27 - 00312382 _____ () C:\Windows\PFRO.log
2014-02-12 12:24 - 2014-02-12 12:25 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1B9DCC14-078D-42DD-AAD4-4B87A8738F8D}
2014-02-12 12:01 - 2014-02-14 01:15 - 00000000 ____D () C:\FRST
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:15 - 2014-02-10 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:04 - 2014-02-06 19:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 16:15 - 2014-02-06 15:13 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000000 ____D () C:\Program Files\SendMails
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:15 - 2014-01-21 11:39 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:15 - 2014-01-21 11:39 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:15 - 2014-01-21 11:39 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:15 - 2014-01-21 11:39 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:15 - 2014-01-21 11:39 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:15 - 2014-01-21 11:39 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:15 - 2014-01-21 11:39 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:15 - 2014-01-21 11:39 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:17 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 09:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 09:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 09:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 09:16 - 2014-01-16 09:17 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
==================== One Month Modified Files and Folders =======
2014-02-14 01:16 - 2014-02-14 01:15 - 00024733 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-14 01:15 - 2014-02-14 01:15 - 00015327 _____ () C:\Users\Vítek\Desktop\LM.bat
2014-02-14 01:15 - 2014-02-12 21:11 - 00029696 _____ () C:\Users\Vítek\AppData\Local\MSGBOX.EXE
2014-02-14 01:15 - 2014-02-12 12:01 - 00000000 ____D () C:\FRST
2014-02-14 01:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 01:11 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 01:11 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 01:06 - 2007-12-21 19:18 - 01352810 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 01:06 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-14 01:03 - 2014-02-14 01:03 - 00000000 ____D () C:\_OTM
2014-02-14 00:32 - 2013-02-02 11:07 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 00:31 - 2014-02-14 00:30 - 00522240 _____ (OldTimer Tools) C:\Users\Vítek\Desktop\OTM.exe
2014-02-14 00:29 - 2009-03-08 22:41 - 00000000 ____D () C:\FORM studio 2009
2014-02-13 22:14 - 2012-09-28 22:22 - 00000000 ____D () C:\ProgramData\firebird
2014-02-13 22:14 - 2011-04-18 22:11 - 00000000 ____D () C:\Users\Vítek\Documents\MailStore Home
2014-02-13 21:08 - 2014-02-13 21:08 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{BBCF5ABA-1E9C-4857-8BAB-3A6AB08CB7B3}
2014-02-13 09:08 - 2014-02-13 09:07 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{80EA4550-1A2E-439D-BB21-00447EC5520E}
2014-02-12 23:39 - 2014-01-06 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\Seznam.cz
2014-02-12 23:27 - 2014-02-12 14:32 - 00312382 _____ () C:\Windows\PFRO.log
2014-02-12 21:19 - 2014-02-12 21:16 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-12 21:16 - 2014-02-12 21:16 - 00000866 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 21:16 - 2014-02-12 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 21:12 - 2007-12-26 01:08 - 00000000 ____D () C:\Program Files\Google
2014-02-12 21:10 - 2014-02-12 21:10 - 01141248 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-12 21:09 - 2014-02-12 21:09 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 19:11 - 2014-02-12 19:11 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{70178661-68E3-44CF-9C3E-53323359B712}
2014-02-12 19:03 - 2013-08-14 12:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 19:03 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-12 18:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-12 18:45 - 2007-12-17 18:11 - 00000000 ____D () C:\Users\Vítek
2014-02-12 18:45 - 2007-12-14 11:21 - 00000000 ____D () C:\Users\oem.oem-PC
2014-02-12 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-12 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 18:45 - 2006-11-02 11:22 - 72876032 _____ () C:\Windows\system32\config\software_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 46399488 _____ () C:\Windows\system32\config\components_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 125829120 _____ () C:\Windows\system32\config\system_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-02-12 18:44 - 2012-02-22 15:23 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\PSpad
2014-02-12 18:44 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\SendMails
2014-02-12 18:44 - 2010-08-05 18:37 - 00000000 ____D () C:\ProgramData\Protexis
2014-02-12 18:44 - 2010-03-28 00:06 - 00000000 ____D () C:\Aplikace
2014-02-12 18:44 - 2009-04-30 11:14 - 00000000 ____D () C:\Program Files\Nokia
2014-02-12 18:44 - 2007-12-21 17:26 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\GHISLER
2014-02-12 18:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-02-12 18:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-12 18:18 - 2008-12-07 14:36 - 00007944 _____ () C:\Users\Vítek\AppData\Local\d3d9caps.dat
2014-02-12 18:16 - 2014-02-12 18:16 - 00000000 ____D () C:\Users\oem.oem-PC\AppData\Roaming\Seznam.cz
2014-02-12 14:55 - 2008-04-02 21:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 12:27 - 2007-11-16 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 12:25 - 2014-02-12 12:24 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1B9DCC14-078D-42DD-AAD4-4B87A8738F8D}
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:16 - 2014-02-10 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 14:03 - 2012-04-24 22:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:05 - 2014-02-06 19:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 19:04 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\Microsoft NT Ident
2014-02-06 15:13 - 2014-02-04 16:15 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000000 ____D () C:\Program Files\SendMails
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 15:32 - 2012-04-11 06:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 15:32 - 2011-06-28 07:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 09:58 - 2014-02-12 18:57 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-12 18:57 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-12 18:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-12 18:57 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-12 18:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-12 18:57 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-12 18:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-12 18:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-12 18:57 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-12 18:57 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-12 18:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-12 18:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 09:44 - 2008-12-08 20:44 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\SmarThru4
2014-02-04 00:30 - 2009-03-09 15:49 - 00002079 _____ () C:\Users\Vítek\Desktop\Google Chrome.lnk
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-02-03 23:00 - 2007-12-19 23:09 - 00082432 _____ () C:\Users\Vítek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 14:29 - 2008-01-19 12:36 - 00000000 ____D () C:\Users\Vítek\Documents\_Pajuska
2014-02-01 16:35 - 2008-01-11 18:06 - 00000000 ___SD () C:\Users\Vítek\Documents\Weby
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:40 - 2012-02-25 17:28 - 00000000 ____D () C:\Users\Vítek\Documents\log
2014-01-21 11:39 - 2014-01-21 11:15 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:39 - 2014-01-21 11:15 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:39 - 2014-01-21 11:15 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:39 - 2014-01-21 11:15 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:39 - 2014-01-21 11:15 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:39 - 2014-01-21 11:15 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:39 - 2014-01-21 11:15 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:39 - 2014-01-21 11:15 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:18 - 2013-09-14 20:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 09:18 - 2011-08-10 12:29 - 00000000 ____D () C:\Users\Vítek\AppData\Local\Adobe
2014-01-16 09:17 - 2014-01-16 09:16 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 09:17 - 2013-09-14 20:41 - 00000000 ____D () C:\Program Files\Java
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-14 01:16
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014
Ran by Vítek (administrator) on VITEK on 14-02-2014 01:15:48
Running from C:\Users\Vítek\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(ABBYY) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
() C:\Program Files\Kooperativa\Services\KoopPDFServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(The Firebird Project) C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Google Inc.) C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\Vítek\AppData\Roaming\Seznam.cz\szninstall.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\PING.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2615624 2007-10-23] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [906648 2007-10-23] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-10-23] (Acronis)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [seznam-listicka-distribuce] - C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [OEXPRESS] - [X]
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-13] (Google Inc.)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [Google Update] - C:\Users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-03-09] (Google Inc.)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Vítek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Vítek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [{E17D4FA8-14FA-09AA-A22B-B5450757126A}] - C:\Users\Vítek\AppData\Roaming\SmarThru4\SmarThru4xpers.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {44f9f64e-afea-11dc-951f-001a4d56511b} - I:\setupSNK.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {74373a53-f86d-11df-aa3a-001a4d56511b} - D:\APPInst.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {856d1b10-aff0-11dc-bbf7-806e6f6e6963} - I:\autorun.EXE
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} - D:\SETUP95.EXE
Lsa: [Authentication Packages] msv1_0 relog_ap
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {09FE69F2-7673-4647-8D6E-54AD4A476931} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {31047C32-35F4-4397-9CD3-6577ED642C29} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {44535E1B-B9F1-43C3-9E89-3820E981DBEB} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {64BA73B2-D017-4041-B11D-1BC0D47B5ECB} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {7A6A937F-8E0B-4C15-9E84-46A6F933476C} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {ACD5ADCA-A900-4484-92B9-D84A308071F1} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {B13612A7-9636-4B61-B56E-C52585042FD9} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {B392C84E-531F-4271-9B6E-E79E120FB726} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {F967467D-238B-45C8-9F0F-81AE41FD8969} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
Toolbar: HKLM - &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll (Seznam.cz a.s.)
Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKCU - &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll (Seznam.cz a.s.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default
FF Homepage: hxxp://www.oriflame-e-kosmetika.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Vítek\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Vítek\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Vítek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\firmycz.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\searchplugins\zbocz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-09-23]
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\cs@dictionaries.addons.mozilla.org [2013-01-22]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-05]
FF Extension: Seznam lištička - C:\Users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-03-13]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\V\u00EDtek\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\V\u00EDtek\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\V\u00EDtek\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (No Name) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2014-01-06]
CHR Extension: (No Name) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-01-06]
CHR Extension: (YouTube) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Vyhledávání Google) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Peněženka Google) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (No Name) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-01-06]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-09-25]
CHR Extension: (Gmail) - C:\Users\Vítek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR StartMenuInternet: Google Chrome - C:\Users\Vítek\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-10-23] (Acronis)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-22] (ESET)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536 2005-01-04] (The Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1527893 2005-01-04] (The Firebird Project)
R2 KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2454016 2011-01-10] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [495832 2007-10-23] ()
==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21275 2007-12-21] (Meetinghouse Data Communications)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [81936 2011-06-06] (Advanced Micro Devices)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163424 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [33656 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2011-08-04] (ESET)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-12] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368736 2008-02-07] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-02-07] (Acronis)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-09-15] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-09-15] (Windows (R) Codename Longhorn DDK provider)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RT61; system32\DRIVERS\RT61.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-14 01:15 - 2014-02-14 01:15 - 00024733 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-14 01:15 - 2014-02-14 01:15 - 00015327 _____ () C:\Users\Vítek\Desktop\LM.bat
2014-02-14 01:03 - 2014-02-14 01:03 - 00000000 ____D () C:\_OTM
2014-02-14 00:30 - 2014-02-14 00:31 - 00522240 _____ (OldTimer Tools) C:\Users\Vítek\Desktop\OTM.exe
2014-02-13 21:08 - 2014-02-13 21:08 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{BBCF5ABA-1E9C-4857-8BAB-3A6AB08CB7B3}
2014-02-13 09:07 - 2014-02-13 09:08 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{80EA4550-1A2E-439D-BB21-00447EC5520E}
2014-02-12 21:16 - 2014-02-12 21:19 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-12 21:16 - 2014-02-12 21:16 - 00000866 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 21:16 - 2014-02-12 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 21:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-12 21:11 - 2014-02-14 01:15 - 00029696 _____ () C:\Users\Vítek\AppData\Local\MSGBOX.EXE
2014-02-12 21:10 - 2014-02-12 21:10 - 01141248 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-12 21:09 - 2014-02-12 21:09 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 19:11 - 2014-02-12 19:11 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{70178661-68E3-44CF-9C3E-53323359B712}
2014-02-12 18:57 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:57 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:57 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:57 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:57 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:57 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:57 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:57 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:57 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:57 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:57 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:57 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 18:57 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:16 - 2014-02-12 18:16 - 00000000 ____D () C:\Users\oem.oem-PC\AppData\Roaming\Seznam.cz
2014-02-12 14:32 - 2014-02-12 23:27 - 00312382 _____ () C:\Windows\PFRO.log
2014-02-12 12:24 - 2014-02-12 12:25 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1B9DCC14-078D-42DD-AAD4-4B87A8738F8D}
2014-02-12 12:01 - 2014-02-14 01:15 - 00000000 ____D () C:\FRST
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:15 - 2014-02-10 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:04 - 2014-02-06 19:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 16:15 - 2014-02-06 15:13 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-04 16:15 - 2014-02-06 15:13 - 00000000 ____D () C:\Program Files\SendMails
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:15 - 2014-01-21 11:39 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:15 - 2014-01-21 11:39 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:15 - 2014-01-21 11:39 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:15 - 2014-01-21 11:39 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:15 - 2014-01-21 11:39 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:15 - 2014-01-21 11:39 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:15 - 2014-01-21 11:39 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:15 - 2014-01-21 11:39 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:15 - 2014-01-21 11:39 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:17 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 09:17 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 09:17 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 09:17 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 09:16 - 2014-01-16 09:17 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
==================== One Month Modified Files and Folders =======
2014-02-14 01:16 - 2014-02-14 01:15 - 00024733 _____ () C:\Users\Vítek\Desktop\FRST.txt
2014-02-14 01:15 - 2014-02-14 01:15 - 00015327 _____ () C:\Users\Vítek\Desktop\LM.bat
2014-02-14 01:15 - 2014-02-12 21:11 - 00029696 _____ () C:\Users\Vítek\AppData\Local\MSGBOX.EXE
2014-02-14 01:15 - 2014-02-12 12:01 - 00000000 ____D () C:\FRST
2014-02-14 01:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 01:11 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 01:11 - 2006-11-02 13:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 01:06 - 2007-12-21 19:18 - 01352810 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 01:06 - 2006-11-02 14:01 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-14 01:03 - 2014-02-14 01:03 - 00000000 ____D () C:\_OTM
2014-02-14 00:32 - 2013-02-02 11:07 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 00:31 - 2014-02-14 00:30 - 00522240 _____ (OldTimer Tools) C:\Users\Vítek\Desktop\OTM.exe
2014-02-14 00:29 - 2009-03-08 22:41 - 00000000 ____D () C:\FORM studio 2009
2014-02-13 22:14 - 2012-09-28 22:22 - 00000000 ____D () C:\ProgramData\firebird
2014-02-13 22:14 - 2011-04-18 22:11 - 00000000 ____D () C:\Users\Vítek\Documents\MailStore Home
2014-02-13 21:08 - 2014-02-13 21:08 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{BBCF5ABA-1E9C-4857-8BAB-3A6AB08CB7B3}
2014-02-13 09:08 - 2014-02-13 09:07 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{80EA4550-1A2E-439D-BB21-00447EC5520E}
2014-02-12 23:39 - 2014-01-06 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\Seznam.cz
2014-02-12 23:27 - 2014-02-12 14:32 - 00312382 _____ () C:\Windows\PFRO.log
2014-02-12 21:19 - 2014-02-12 21:16 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-12 21:16 - 2014-02-12 21:16 - 00000866 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 21:16 - 2014-02-12 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-12 21:12 - 2007-12-26 01:08 - 00000000 ____D () C:\Program Files\Google
2014-02-12 21:10 - 2014-02-12 21:10 - 01141248 _____ (Farbar) C:\Users\Vítek\Desktop\FRST.exe
2014-02-12 21:09 - 2014-02-12 21:09 - 00112640 _____ (forum.viry.cz) C:\Users\Vítek\Desktop\FRSTLauncher.exe
2014-02-12 19:11 - 2014-02-12 19:11 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{70178661-68E3-44CF-9C3E-53323359B712}
2014-02-12 19:03 - 2013-08-14 12:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 19:03 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-12 18:46 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-12 18:45 - 2007-12-17 18:11 - 00000000 ____D () C:\Users\Vítek
2014-02-12 18:45 - 2007-12-14 11:21 - 00000000 ____D () C:\Users\oem.oem-PC
2014-02-12 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-12 18:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 18:45 - 2006-11-02 11:22 - 72876032 _____ () C:\Windows\system32\config\software_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 46399488 _____ () C:\Windows\system32\config\components_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 125829120 _____ () C:\Windows\system32\config\system_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-02-12 18:45 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-02-12 18:44 - 2012-02-22 15:23 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\PSpad
2014-02-12 18:44 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\SendMails
2014-02-12 18:44 - 2010-08-05 18:37 - 00000000 ____D () C:\ProgramData\Protexis
2014-02-12 18:44 - 2010-03-28 00:06 - 00000000 ____D () C:\Aplikace
2014-02-12 18:44 - 2009-04-30 11:14 - 00000000 ____D () C:\Program Files\Nokia
2014-02-12 18:44 - 2007-12-21 17:26 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\GHISLER
2014-02-12 18:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-02-12 18:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-12 18:18 - 2008-12-07 14:36 - 00007944 _____ () C:\Users\Vítek\AppData\Local\d3d9caps.dat
2014-02-12 18:16 - 2014-02-12 18:16 - 00000000 ____D () C:\Users\oem.oem-PC\AppData\Roaming\Seznam.cz
2014-02-12 14:55 - 2008-04-02 21:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 12:27 - 2007-11-16 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 12:25 - 2014-02-12 12:24 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1B9DCC14-078D-42DD-AAD4-4B87A8738F8D}
2014-02-11 23:38 - 2014-02-11 23:38 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 11:16 - 2014-02-11 11:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 23:16 - 2014-02-10 23:16 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 11:16 - 2014-02-10 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 11:15 - 2014-02-09 11:15 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 23:14 - 2014-02-08 23:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 14:03 - 2012-04-24 22:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-08 11:14 - 2014-02-08 11:14 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-07 23:13 - 2014-02-07 23:13 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 07:43 - 2014-02-07 07:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 19:43 - 2014-02-06 19:43 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 19:05 - 2014-02-06 19:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-06 19:04 - 2011-03-23 13:09 - 00000000 ____D () C:\ProgramData\Microsoft NT Ident
2014-02-06 15:13 - 2014-02-04 16:15 - 00000776 _____ () C:\Users\Vítek\Desktop\SendMails.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000687 _____ () C:\Users\Vítek\Desktop\SendMails manuál PDF.lnk
2014-02-06 15:13 - 2014-02-04 16:15 - 00000000 ____D () C:\Program Files\SendMails
2014-02-06 07:42 - 2014-02-06 07:42 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 15:32 - 2012-04-11 06:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 15:32 - 2011-06-28 07:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 14:35 - 2014-02-05 14:35 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-05 09:58 - 2014-02-12 18:57 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-12 18:57 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-12 18:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-12 18:57 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-12 18:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-12 18:57 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:49 - 2014-02-12 18:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-12 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-12 18:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-12 18:57 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-12 18:57 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-12 18:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-12 18:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 00:21 - 2014-02-05 00:21 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 12:20 - 2014-02-04 12:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-04 09:44 - 2008-12-08 20:44 - 00000000 ____D () C:\Users\Vítek\AppData\Roaming\SmarThru4
2014-02-04 00:30 - 2009-03-09 15:49 - 00002079 _____ () C:\Users\Vítek\Desktop\Google Chrome.lnk
2014-02-04 00:20 - 2014-02-04 00:20 - 00000000 ____D () C:\Users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
2014-02-03 23:00 - 2007-12-19 23:09 - 00082432 _____ () C:\Users\Vítek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 14:29 - 2008-01-19 12:36 - 00000000 ____D () C:\Users\Vítek\Documents\_Pajuska
2014-02-01 16:35 - 2008-01-11 18:06 - 00000000 ___SD () C:\Users\Vítek\Documents\Weby
2014-01-21 11:41 - 2014-01-21 11:41 - 00291868 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smprtf2
2014-01-21 11:41 - 2014-01-21 11:41 - 00035238 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadr
2014-01-21 11:41 - 2014-01-21 11:41 - 00011030 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpadrn
2014-01-21 11:41 - 2014-01-21 11:41 - 00000956 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smplog
2014-01-21 11:41 - 2014-01-21 11:41 - 00000794 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smp
2014-01-21 11:41 - 2014-01-21 11:41 - 00000704 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpsubj
2014-01-21 11:41 - 2014-01-21 11:41 - 00000670 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smptxt2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000640 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smphtml2
2014-01-21 11:41 - 2014-01-21 11:41 - 00000005 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpomem
2014-01-21 11:41 - 2014-01-21 11:41 - 00000000 _____ () C:\Users\Vítek\Documents\Nový katalog Oriflame 2-2014.smpatt
2014-01-21 11:40 - 2012-02-25 17:28 - 00000000 ____D () C:\Users\Vítek\Documents\log
2014-01-21 11:39 - 2014-01-21 11:15 - 00291868 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smprtf2
2014-01-21 11:39 - 2014-01-21 11:15 - 00250458 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smplog
2014-01-21 11:39 - 2014-01-21 11:15 - 00034147 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadr
2014-01-21 11:39 - 2014-01-21 11:15 - 00011030 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpadrn
2014-01-21 11:39 - 2014-01-21 11:15 - 00000794 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smp
2014-01-21 11:39 - 2014-01-21 11:15 - 00000704 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpsubj
2014-01-21 11:39 - 2014-01-21 11:15 - 00000670 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smptxt2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000640 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smphtml2
2014-01-21 11:39 - 2014-01-21 11:15 - 00000005 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpomem
2014-01-21 11:39 - 2014-01-21 11:15 - 00000000 _____ () C:\Users\Vítek\Documents\Katalog Oriflame 2-2014.smpatt
2014-01-16 09:18 - 2013-09-14 20:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 09:18 - 2011-08-10 12:29 - 00000000 ____D () C:\Users\Vítek\AppData\Local\Adobe
2014-01-16 09:17 - 2014-01-16 09:16 - 00005298 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 09:17 - 2013-09-14 20:41 - 00000000 ____D () C:\Program Files\Java
2014-01-15 10:29 - 2014-01-15 10:29 - 00004608 _____ () C:\Users\Vítek\Downloads\tree.xls
2014-01-15 10:26 - 2014-01-15 10:26 - 00001448 _____ () C:\Users\Vítek\Downloads\report.xls
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-14 01:16
==================== End Of Log ============================
- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, please check my log
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-13] (Google Inc.)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {44f9f64e-afea-11dc-951f-001a4d56511b} - I:\setupSNK.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {74373a53-f86d-11df-aa3a-001a4d56511b} - D:\APPInst.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {856d1b10-aff0-11dc-bbf7-806e6f6e6963} - I:\autorun.EXE
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} - D:\SETUP95.EXE
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Slow PC, please check my log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014
Ran by Vítek at 2014-02-15 00:00:12 Run:2
Running from C:\Users\Vítek\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-13] (Google Inc.)
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {44f9f64e-afea-11dc-951f-001a4d56511b} - I:\setupSNK.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {74373a53-f86d-11df-aa3a-001a4d56511b} - D:\APPInst.exe
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {856d1b10-aff0-11dc-bbf7-806e6f6e6963} - I:\autorun.EXE
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\...\MountPoints2: {d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} - D:\SETUP95.EXE
End
*****************
HKU\S-1-5-21-1102432394-2755357371-3648797907-1002\Software\Microsoft\Windows\CurrentVersion\Run\\swg =>
LOG
Value deleted successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44f9f64e-afea-11dc-951f-001a4d56511b} => Key not found.
HKCR\CLSID\{44f9f64e-afea-11dc-951f-001a4d56511b} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74373a53-f86d-11df-aa3a-001a4d56511b} => Key not found.
HKCR\CLSID\{74373a53-f86d-11df-aa3a-001a4d56511b} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{856d1b10-aff0-11dc-bbf7-806e6f6e6963} => Key not found.
HKCR\CLSID\{856d1b10-aff0-11dc-bbf7-806e6f6e6963} => Key not found.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} => Key not found.
HKCR\CLSID\{d7f9359c-e964-11e1-867f-c3f2ad3f5c9f} => Key not found.
==== End of Fixlog ====
- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, please check my log
Has anything changed?
Re: Slow PC, please check my log
I'd say it's faster.
I don't know whether I have some virus on the PC; someone broke into my bank account (mbank), but I caught it in time. ESET antivirus reports nothing. On top of that, since yesterday the Wi-Fi on my EDIMAX BR 6304wg router has stopped working (I didn't change the settings).
- Rudy
- Site Admin
- Posts: 119534
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC, please check my log
We'll do a deep virus scan. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator privileges.
Right after launch, a screen with the license terms appears; continue by clicking the Yes button.
Take your time and put on a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.
Don't panic during the scan; your machine may be restarted (especially the first time the scanner is used).
Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because unwanted conflicts with the resident antispyware component occur during the scan and the removal of any malware.
I assume you changed the relevant passwords after the break-in.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Re: Slow PC, please check my log
I changed the passwords right away. I'm sending the ComboFix log.
ComboFix 14-02-14.01 - Vítek 16.02.2014 0:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.801 [GMT 1:00]
Spuštěný z: c:\users\VÝtek\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\5D68CB4516.sys
c:\users\Vítek\AppData\Roaming\Microsoft\Windows\Recent\lesk-pink-me-perfect-very-me.pdf
c:\windows\IsUn0407.exe
c:\windows\system32\CddbCdda.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-15 do 2014-02-15 )))))))))))))))))))))))))))))))
.
.
2014-02-15 23:40 . 2014-02-15 23:40 -------- d-----w- c:\users\Vítek\AppData\Local\{1005D704-BD73-475E-92D7-4ADAF2BAE558}
2014-02-15 10:09 . 2014-02-15 10:09 -------- d-----w- c:\windows\CheckSur
2014-02-15 09:00 . 2014-02-15 09:01 -------- d-----w- c:\users\Vítek\AppData\Local\{ADEC49FC-FC44-4142-9204-EB31A8153D1F}
2014-02-14 20:57 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B956800-BF5F-4BC7-A2DA-189A68314ECE}\mpengine.dll
2014-02-14 20:57 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-14 15:47 . 2014-02-14 15:47 -------- d-----w- c:\users\Vítek\AppData\Local\{514D62FB-9E89-46A7-BC39-25DBCB20CDB9}
2014-02-14 00:03 . 2014-02-14 00:03 -------- d-----w- C:\_OTM
2014-02-13 20:08 . 2014-02-13 20:08 -------- d-----w- c:\users\Vítek\AppData\Local\{BBCF5ABA-1E9C-4857-8BAB-3A6AB08CB7B3}
2014-02-13 08:07 . 2014-02-13 08:08 -------- d-----w- c:\users\Vítek\AppData\Local\{80EA4550-1A2E-439D-BB21-00447EC5520E}
2014-02-12 20:16 . 2014-02-12 20:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-12 20:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-12 18:11 . 2014-02-12 18:11 -------- d-----w- c:\users\Vítek\AppData\Local\{70178661-68E3-44CF-9C3E-53323359B712}
2014-02-12 17:16 . 2014-02-12 17:16 -------- d-----w- c:\users\oem.oem-PC\AppData\Roaming\Seznam.cz
2014-02-12 11:24 . 2014-02-12 11:25 -------- d-----w- c:\users\Vítek\AppData\Local\{1B9DCC14-078D-42DD-AAD4-4B87A8738F8D}
2014-02-12 11:01 . 2014-02-14 23:00 -------- d-----w- C:\FRST
2014-02-11 22:38 . 2014-02-11 22:38 -------- d-----w- c:\users\Vítek\AppData\Local\{0CD96D3D-0685-446B-A68B-C601EE197B25}
2014-02-11 10:16 . 2014-02-11 10:16 -------- d-----w- c:\users\Vítek\AppData\Local\{EBA27D69-92C7-47A3-BFCF-A5978EDCBFF7}
2014-02-10 22:16 . 2014-02-10 22:16 -------- d-----w- c:\users\Vítek\AppData\Local\{8B035B02-30B3-4F2C-8E65-645F70FC0522}
2014-02-10 10:15 . 2014-02-10 10:16 -------- d-----w- c:\users\Vítek\AppData\Local\{292AC2BB-1410-4884-830F-0E5A3BE99D1A}
2014-02-09 22:15 . 2014-02-09 22:15 -------- d-----w- c:\users\Vítek\AppData\Local\{54C7C163-7B47-495D-B4E6-805168A3974F}
2014-02-09 10:15 . 2014-02-09 10:15 -------- d-----w- c:\users\Vítek\AppData\Local\{3722D9BE-E162-4DF8-8010-B918BADCAD99}
2014-02-08 22:14 . 2014-02-08 22:14 -------- d-----w- c:\users\Vítek\AppData\Local\{4E5F929A-A593-4825-9700-911E6ECCE1F5}
2014-02-08 10:14 . 2014-02-08 10:14 -------- d-----w- c:\users\Vítek\AppData\Local\{8CFDD359-A26F-4C5F-8ECB-0EC7819472BA}
2014-02-07 22:13 . 2014-02-07 22:13 -------- d-----w- c:\users\Vítek\AppData\Local\{92D90FB4-6BD0-49D2-AE70-50330C2F0425}
2014-02-07 06:43 . 2014-02-07 06:43 -------- d-----w- c:\users\Vítek\AppData\Local\{6AD0019B-0AAC-4277-8F67-B49787DBDDD0}
2014-02-06 18:43 . 2014-02-06 18:43 -------- d-----w- c:\users\Vítek\AppData\Local\{1154A75E-3281-4DC0-8388-01EED1B8B7C9}
2014-02-06 06:42 . 2014-02-06 06:42 -------- d-----w- c:\users\Vítek\AppData\Local\{5F5D9C0D-0F45-49C2-B980-DFCDA9A9DB77}
2014-02-05 13:35 . 2014-02-05 13:35 -------- d-----w- c:\users\Vítek\AppData\Local\{DE821688-7DA6-4029-A7E5-027632A17466}
2014-02-04 23:21 . 2014-02-04 23:21 -------- d-----w- c:\users\Vítek\AppData\Local\{7A8D3D64-6DAE-4030-ACC8-D5FDBEBE7621}
2014-02-04 15:15 . 2014-02-06 14:13 -------- d-----w- c:\program files\SendMails
2014-02-04 11:20 . 2014-02-04 11:20 -------- d-----w- c:\users\Vítek\AppData\Local\{62EDBF14-D81B-446F-8705-6F104DD4B30E}
2014-02-03 23:20 . 2014-02-03 23:20 -------- d-----w- c:\users\Vítek\AppData\Local\{873A23A0-0F7D-4516-8FCF-63BCFC31AC01}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 14:32 . 2012-04-11 05:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 14:32 . 2011-06-28 06:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 20:10 . 2014-01-16 08:17 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 05:13 . 2009-10-03 07:46 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"cz.seznam.software.autoupdate"="c:\users\Vítek\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\Vítek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2013-04-12 92664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Smart Panel.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Smart Panel.lnk
backup=c:\windows\pss\Smart Panel.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kooperativa - PDF Server.lnk]
path=c:\users\Vítek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kooperativa - PDF Server.lnk
backup=c:\windows\pss\Kooperativa - PDF Server.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]
path=c:\users\Vítek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
backup=c:\windows\pss\PMB Media Check Tool.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Guage.lnk]
path=c:\users\Vítek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\users\Vítek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Scheduler.lnk]
path=c:\users\Vítek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vítek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Vítek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3170 Scan2PC]
2008-08-07 06:58 495616 ----a-w- c:\windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-24 22:01 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-09 14:48 133104 ----atw- c:\users\Vítek\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 18:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2013-04-04 13:50 887432 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 13:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 10:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintDisp]
2011-02-19 07:55 826368 ----a-w- c:\windows\System32\PrintDisp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2008-08-11 07:49 524288 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-13 20:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=13415
uInternet Settings,ProxyOverride = *.local
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
TCP: DhcpNameServer = 141.170.136.3 141.170.136.2 46.36.32.1
FF - ProfilePath - c:\users\Vítek\AppData\Roaming\Mozilla\Firefox\Profiles\j1kh7c0r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.oriflame-e-kosmetika.cz/
FF - ExtSQL: !HIDDEN! 2009-09-02 09:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-{E17D4FA8-14FA-09AA-A22B-B5450757126A} - c:\users\Vítek\AppData\Roaming\SmarThru4\SmarThru4xpers.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-16 00:59
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2014-02-16 01:03:56
ComboFix-quarantined-files.txt 2014-02-16 00:03
.
Před spuštěním: Volných bajtů: 41 202 790 400
Po spuštění: Volných bajtů: 41 058 865 152
.
- - End Of File - - FF3FEC1F06F163BD052964C23E603355
71FEC3C90220FEE7A1D286BE5405F7C4