Dobrý večer,
prosím o preventivku na notebook, který byl dlouho připojen na internetu bez jakékoliv ochrany. Díky
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by zuza (administrator) on ZUZA-PC on 13-01-2015 22:19:40
Running from C:\Users\zuza\Desktop
Loaded Profile: zuza (Available profiles: zuza)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(SafeBoot International) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-24] (InterVideo Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-14] (Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - *{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - No File
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL No File
SearchScopes: HKLM -> {41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF} URL = http://slirsredirect.search.aol.com/sli ... bie7-cs-cz
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF} URL = http://slirsredirect.search.aol.com/sli ... bie7-cs-cz
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: No Name -> {A3BC75A2-1F87-4686-AA43-5347D756017C} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]
Chrome:
=======
CHR Profile: C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Disk Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Peněženka Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [18944 2008-06-02] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-30] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-14] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-05-12] (PDF Complete Inc)
R2 PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [176448 2014-10-10] (ESET)
R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [37928 2014-10-10] (ESET)
R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [51288 2014-10-10] (ESET)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12496 2008-05-30] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [108752 2008-05-30] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51376 2008-05-30] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12928 2008-05-30] (SafeBoot International)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 22:19 - 2015-01-13 22:20 - 00016701 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:19 - 2015-01-13 22:19 - 00000000 ____D () C:\FRST
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 22:17 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Desktop\FRST.exe
2015-01-13 22:13 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Downloads\FRST.exe
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\ESET
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Local\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\Program Files\ESET
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
2015-01-11 21:06 - 2015-01-11 20:57 - 00116878 _____ () C:\Users\zuza\Desktop\The.Holiday.2006.BrRip.x264.720p.YIFY.srt
2015-01-11 21:01 - 2015-01-08 21:34 - 840641319 _____ () C:\Users\zuza\Desktop\The.Holiday.2006.BrRip.x264.720p.YIFY.mp4
2015-01-08 19:42 - 2015-01-08 19:42 - 19843800 _____ () C:\Users\zuza\Downloads\BioluminescentForest_Image_Collection.zip
2015-01-07 00:07 - 2015-01-07 00:09 - 00000000 ____D () C:\Users\zuza\Desktop\The.Boat.That.Rocked.2009.720p.Bluray.x264.anoXmous
2015-01-06 21:31 - 2015-01-06 21:31 - 00142600 _____ () C:\windows\Minidump\Mini010615-01.dmp
2015-01-03 23:10 - 2015-01-03 23:15 - 1196435940 _____ () C:\Users\zuza\Downloads\Notting Hill =1999-J.Roberts,H.Grant-DVD-CZ.avi
2015-01-02 21:46 - 2015-01-02 21:46 - 00000318 _____ () C:\Users\zuza\Desktop\SDÍLEJ.CZ Manager.appref-ms
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDÍLEJ.CZ
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Deployment
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Apps\2.0
2015-01-02 21:45 - 2015-01-02 21:45 - 00467263 _____ () C:\Users\zuza\Downloads\Manager_1_42.zip
2015-01-02 21:09 - 2015-01-02 19:21 - 00100827 _____ () C:\Users\zuza\Desktop\Love.Actually.2003.720p.BluRay.x264.YIFY.srt
2015-01-02 21:09 - 2015-01-02 19:20 - 975125715 _____ () C:\Users\zuza\Desktop\Love.Actually.2003.720p.BluRay.x264.YIFY.mp4
2014-12-20 16:34 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 16:27 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-18 14:06 - 2014-12-18 14:10 - 00000000 ____D () C:\Users\zuza\Desktop\Begin.Again.2013.HDRip.XviD.AC3-EVO
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 22:18 - 2006-11-02 13:52 - 00393784 _____ () C:\windows\setupact.log
2015-01-13 21:50 - 2010-02-04 21:41 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 20:36 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 20:36 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:07 - 2009-03-03 22:48 - 01224903 _____ () C:\windows\WindowsUpdate.log
2015-01-13 14:42 - 2010-02-04 21:41 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 14:36 - 2008-08-04 11:10 - 00000000 ____D () C:\ProgramData\hpqLog
2015-01-13 14:36 - 2006-11-02 14:01 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-13 14:35 - 2006-11-02 14:00 - 00228650 _____ () C:\windows\PFRO.log
2015-01-13 14:34 - 2009-03-03 22:47 - 00002140 _____ () C:\windows\bthservsdp.dat
2015-01-13 14:34 - 2006-11-02 14:01 - 00032614 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-13 13:57 - 2009-03-03 15:08 - 00000000 ____D () C:\Users\zuza
2015-01-11 21:50 - 2012-08-13 12:22 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\vlc
2015-01-08 09:55 - 2009-10-04 15:07 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-06 21:31 - 2011-09-23 08:49 - 00000000 ____D () C:\windows\Minidump
2015-01-06 21:31 - 2011-09-23 08:48 - 193792446 _____ () C:\windows\MEMORY.DMP
2015-01-03 23:21 - 2009-03-07 10:16 - 00089600 _____ () C:\Users\zuza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-31 11:51 - 2014-11-06 09:59 - 02533222 _____ () C:\Users\zuza\Desktop\light on pranayama překlad.odt
2014-12-20 16:34 - 2013-10-22 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 16:29 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2014-12-18 20:05 - 2008-04-17 18:00 - 01603480 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-15 21:54 - 2014-09-25 09:08 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
Some content of TEMP:
====================
C:\Users\zuza\AppData\Local\Temp\avgnt.exe
C:\Users\zuza\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\zuza\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\zuza\AppData\Local\Temp\InstHelper.exe
C:\Users\zuza\AppData\Local\Temp\SDShelEx-win32.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zuza\Desktop" je 6224 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub
"c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS
rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor
"C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete
C:\Program Files\PDF Complete\pdfsty.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files\Winamp\winampa.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^zuza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventiva notebook
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Preventiva notebook
- Přílohy
-
- Addition.rar
- (7.72 KiB) Staženo 57 x
Re: Preventiva notebook
Zdravim 
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Po spusteni probehne stazeni databaze
- Kliknete na Scan a nasledne Clean
- Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Preventiva notebook
# AdwCleaner v4.107 - Report created 13/01/2015 at 23:04:43
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : zuza - ZUZA-PC
# Running from : C:\Users\zuza\Desktop\adwcleaner_4.107.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\ICQ6Toolbar
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\AskTBar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v
-\\ Google Chrome v39.0.2171.95
*************************
AdwCleaner[R0].txt - [4011 octets] - [13/01/2015 23:02:01]
AdwCleaner[S0].txt - [3918 octets] - [13/01/2015 23:04:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3978 octets] ##########
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : zuza - ZUZA-PC
# Running from : C:\Users\zuza\Desktop\adwcleaner_4.107.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\ICQ6Toolbar
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\AskTBar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v
-\\ Google Chrome v39.0.2171.95
*************************
AdwCleaner[R0].txt - [4011 octets] - [13/01/2015 23:02:01]
AdwCleaner[S0].txt - [3918 octets] - [13/01/2015 23:04:43]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3978 octets] ##########
Re: Preventiva notebook
Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
- Do okna vlozte skript nize
Kód: Vybrat vše
autoclean; resethosts; emptyclsid; IEdefaults; FFdefaults; CHRdefaults; emptyIEcache; emptyFFcache; emptyCHRcache; emptyalltemp; emptyflash; emptyjava; emptyrecycle.bin;- Nasledne kliknete na Run Script
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventiva notebook
Po spuštění programu vyskočí okno:
Skriptovací stroj VBScript pro script
C:/User/zuza/AppData/Local/Temp/os.vbs nebyl nalezen.
Co s tím? Díky
Skriptovací stroj VBScript pro script
C:/User/zuza/AppData/Local/Temp/os.vbs nebyl nalezen.
Co s tím?
DíkyRe: Preventiva notebook
Zkuste jej spustit v nouzovem rezimu...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventiva notebook
Zoek.exe v5.0.0.0 Updated 07-December-2014
Tool run by zuza on Łt 13.01.2015 at 23:24:26,84.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\zuza\Desktop\zoek.exe.scr [Scan all users] [Script inserted]
==== System Restore Info ======================
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\OLYMPUS deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\zuza\AppData\Roaming\HpUpdate deleted successfully
C:\Users\zuza\AppData\Roaming\WinRAR deleted successfully
C:\Users\zuza\AppData\Local\Adobe deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\*{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\prefs.js:
Added to C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~2\ICQ deleted
C:\Users\zuza\AppData\LocalLow\AVGTOOLBAR deleted
C:\windows\system32\config\systemprofile\Searches deleted
C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\extensions\abs@avira.com deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02.09.2009 15:17]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... PB_enCZ317"
==== Reset Google Chrome ======================
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=173 folders=33 3873536 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\zuza\AppData\Local\Temp will be emptied at reboot
C:\windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\zuza\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on Łt 13.01.2015 at 23:42:26,15 ======================
Tool run by zuza on Łt 13.01.2015 at 23:24:26,84.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\zuza\Desktop\zoek.exe.scr [Scan all users] [Script inserted]
==== System Restore Info ======================
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\OLYMPUS deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\zuza\AppData\Roaming\HpUpdate deleted successfully
C:\Users\zuza\AppData\Roaming\WinRAR deleted successfully
C:\Users\zuza\AppData\Local\Adobe deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\*{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\prefs.js:
Added to C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~2\ICQ deleted
C:\Users\zuza\AppData\LocalLow\AVGTOOLBAR deleted
C:\windows\system32\config\systemprofile\Searches deleted
C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\extensions\abs@avira.com deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02.09.2009 15:17]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... PB_enCZ317"
==== Reset Google Chrome ======================
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=173 folders=33 3873536 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\zuza\AppData\Local\Temp will be emptied at reboot
C:\windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\zuza\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on Łt 13.01.2015 at 23:42:26,15 ======================
Re: Preventiva notebook
Poprosim o novy log z FRST
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventiva notebook
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by zuza (administrator) on ZUZA-PC on 13-01-2015 23:50:14
Running from C:\Users\zuza\Desktop
Loaded Profile: zuza (Available profiles: zuza)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-24] (InterVideo Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-14] (Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]
Chrome:
=======
CHR Profile: C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Disk Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Peněženka Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
S2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
S2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [18944 2008-06-02] (Hewlett-Packard Development Company, L.P) [File not signed]
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-30] (SafeBoot International)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-14] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-05-12] (PDF Complete Inc)
S2 PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
S1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
S2 epfw; C:\windows\System32\DRIVERS\epfw.sys [176448 2014-10-10] (ESET)
S1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [37928 2014-10-10] (ESET)
S0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [51288 2014-10-10] (ESET)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12496 2008-05-30] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [108752 2008-05-30] (SafeBoot International)
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51376 2008-05-30] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12928 2008-05-30] (SafeBoot International)
S3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log
2015-01-13 23:24 - 2015-01-13 23:24 - 00000069 _____ () C:\windows\NeroDigital.ini
2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com
2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe
2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup
2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe
2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner
2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe
2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar
2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:19 - 2015-01-13 23:50 - 00000000 ____D () C:\FRST
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 22:17 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Desktop\FRST.exe
2015-01-13 22:13 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Downloads\FRST.exe
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\ESET
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Local\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\Program Files\ESET
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
2015-01-08 19:42 - 2015-01-08 19:42 - 19843800 _____ () C:\Users\zuza\Downloads\BioluminescentForest_Image_Collection.zip
2015-01-06 21:31 - 2015-01-06 21:31 - 00142600 _____ () C:\windows\Minidump\Mini010615-01.dmp
2015-01-03 23:10 - 2015-01-03 23:15 - 1196435940 _____ () C:\Users\zuza\Downloads\Notting Hill =1999-J.Roberts,H.Grant-DVD-CZ.avi
2015-01-02 21:46 - 2015-01-02 21:46 - 00000318 _____ () C:\Users\zuza\Desktop\SDÍLEJ.CZ Manager.appref-ms
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDÍLEJ.CZ
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Deployment
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Apps\2.0
2015-01-02 21:45 - 2015-01-02 21:45 - 00467263 _____ () C:\Users\zuza\Downloads\Manager_1_42.zip
2014-12-20 16:34 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 16:27 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-18 14:06 - 2014-12-18 14:10 - 00000000 ____D () C:\Users\zuza\Desktop\Begin.Again.2013.HDRip.XviD.AC3-EVO
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 23:41 - 2006-11-02 14:00 - 00231730 _____ () C:\windows\PFRO.log
2015-01-13 23:20 - 2009-03-03 22:48 - 01231311 _____ () C:\windows\WindowsUpdate.log
2015-01-13 23:20 - 2009-03-03 22:47 - 00002140 _____ () C:\windows\bthservsdp.dat
2015-01-13 23:20 - 2006-11-02 14:01 - 00032614 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-13 23:20 - 2006-11-02 14:01 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-13 23:20 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 23:20 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 23:07 - 2010-02-04 21:41 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 23:06 - 2008-08-04 11:10 - 00000000 ____D () C:\ProgramData\hpqLog
2015-01-13 22:50 - 2010-02-04 21:41 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 22:29 - 2009-03-23 09:41 - 00000000 ____D () C:\Users\zuza\Documents\FILM
2015-01-13 22:21 - 2008-04-17 18:00 - 01603480 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-13 22:18 - 2006-11-02 13:52 - 00393784 _____ () C:\windows\setupact.log
2015-01-13 13:57 - 2009-03-03 15:08 - 00000000 ____D () C:\Users\zuza
2015-01-11 21:50 - 2012-08-13 12:22 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\vlc
2015-01-08 09:55 - 2009-10-04 15:07 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-06 21:31 - 2011-09-23 08:49 - 00000000 ____D () C:\windows\Minidump
2015-01-06 21:31 - 2011-09-23 08:48 - 193792446 _____ () C:\windows\MEMORY.DMP
2015-01-03 23:21 - 2009-03-07 10:16 - 00089600 _____ () C:\Users\zuza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-31 11:51 - 2014-11-06 09:59 - 02533222 _____ () C:\Users\zuza\Desktop\light on pranayama překlad.odt
2014-12-20 16:34 - 2013-10-22 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 16:29 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2014-12-15 21:54 - 2014-09-25 09:08 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zuza\Desktop" je 3424 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub
"c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS
rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete
C:\Program Files\PDF Complete\pdfsty.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^zuza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by zuza (administrator) on ZUZA-PC on 13-01-2015 23:50:14
Running from C:\Users\zuza\Desktop
Loaded Profile: zuza (Available profiles: zuza)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-24] (InterVideo Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-14] (Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]
Chrome:
=======
CHR Profile: C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Disk Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Peněženka Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
S2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
S2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [18944 2008-06-02] (Hewlett-Packard Development Company, L.P) [File not signed]
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-30] (SafeBoot International)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-14] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-05-12] (PDF Complete Inc)
S2 PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
S1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
S2 epfw; C:\windows\System32\DRIVERS\epfw.sys [176448 2014-10-10] (ESET)
S1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [37928 2014-10-10] (ESET)
S0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [51288 2014-10-10] (ESET)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12496 2008-05-30] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [108752 2008-05-30] (SafeBoot International)
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51376 2008-05-30] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12928 2008-05-30] (SafeBoot International)
S3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log
2015-01-13 23:24 - 2015-01-13 23:24 - 00000069 _____ () C:\windows\NeroDigital.ini
2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com
2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe
2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup
2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe
2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner
2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe
2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar
2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:19 - 2015-01-13 23:50 - 00000000 ____D () C:\FRST
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 22:17 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Desktop\FRST.exe
2015-01-13 22:13 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Downloads\FRST.exe
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\ESET
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Local\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\Program Files\ESET
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
2015-01-08 19:42 - 2015-01-08 19:42 - 19843800 _____ () C:\Users\zuza\Downloads\BioluminescentForest_Image_Collection.zip
2015-01-06 21:31 - 2015-01-06 21:31 - 00142600 _____ () C:\windows\Minidump\Mini010615-01.dmp
2015-01-03 23:10 - 2015-01-03 23:15 - 1196435940 _____ () C:\Users\zuza\Downloads\Notting Hill =1999-J.Roberts,H.Grant-DVD-CZ.avi
2015-01-02 21:46 - 2015-01-02 21:46 - 00000318 _____ () C:\Users\zuza\Desktop\SDÍLEJ.CZ Manager.appref-ms
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDÍLEJ.CZ
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Deployment
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Apps\2.0
2015-01-02 21:45 - 2015-01-02 21:45 - 00467263 _____ () C:\Users\zuza\Downloads\Manager_1_42.zip
2014-12-20 16:34 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 16:27 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-18 14:06 - 2014-12-18 14:10 - 00000000 ____D () C:\Users\zuza\Desktop\Begin.Again.2013.HDRip.XviD.AC3-EVO
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-13 23:41 - 2006-11-02 14:00 - 00231730 _____ () C:\windows\PFRO.log
2015-01-13 23:20 - 2009-03-03 22:48 - 01231311 _____ () C:\windows\WindowsUpdate.log
2015-01-13 23:20 - 2009-03-03 22:47 - 00002140 _____ () C:\windows\bthservsdp.dat
2015-01-13 23:20 - 2006-11-02 14:01 - 00032614 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-13 23:20 - 2006-11-02 14:01 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-13 23:20 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 23:20 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 23:07 - 2010-02-04 21:41 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 23:06 - 2008-08-04 11:10 - 00000000 ____D () C:\ProgramData\hpqLog
2015-01-13 22:50 - 2010-02-04 21:41 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 22:29 - 2009-03-23 09:41 - 00000000 ____D () C:\Users\zuza\Documents\FILM
2015-01-13 22:21 - 2008-04-17 18:00 - 01603480 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-13 22:18 - 2006-11-02 13:52 - 00393784 _____ () C:\windows\setupact.log
2015-01-13 13:57 - 2009-03-03 15:08 - 00000000 ____D () C:\Users\zuza
2015-01-11 21:50 - 2012-08-13 12:22 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\vlc
2015-01-08 09:55 - 2009-10-04 15:07 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-06 21:31 - 2011-09-23 08:49 - 00000000 ____D () C:\windows\Minidump
2015-01-06 21:31 - 2011-09-23 08:48 - 193792446 _____ () C:\windows\MEMORY.DMP
2015-01-03 23:21 - 2009-03-07 10:16 - 00089600 _____ () C:\Users\zuza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-31 11:51 - 2014-11-06 09:59 - 02533222 _____ () C:\Users\zuza\Desktop\light on pranayama překlad.odt
2014-12-20 16:34 - 2013-10-22 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 16:29 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2014-12-15 21:54 - 2014-09-25 09:08 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\zuza\Desktop" je 3424 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub
"c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS
rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete
C:\Program Files\PDF Complete\pdfsty.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^zuza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: Preventiva notebook
Tvorba fixlistu pro FRST
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
Start CloseProcesses: CreateRestorePoint: HKLM\...\Run: [] => [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.) HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION! SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25] U4 eabfiltr; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] 2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe 2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log 2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip 2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr 2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com 2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe 2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup 2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe 2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner 2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe 2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar 2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt 2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe 2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f Hosts: EmptyTemp: Reboot: End- Ulozte vytvoreny TXT jako fixlist.txt
- Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe
- Kliknete na Fix
- Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txt"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventiva notebook
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2015 01
Ran by zuza at 2015-01-14 21:59:26 Run:1
Running from C:\Users\zuza\Desktop
Loaded Profiles: zuza (Available profiles: zuza)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log
2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com
2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe
2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup
2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe
2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner
2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe
2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar
2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value deleted successfully.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cdfdf9b-7fd6-11e1-915b-0022645cdb1a}" => Key deleted successfully.
HKCR\CLSID\{1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} => Key not found.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55e1da1c-6b4b-11df-9d1f-0022645cdb1a}" => Key deleted successfully.
HKCR\CLSID\{55e1da1c-6b4b-11df-9d1f-0022645cdb1a} => Key not found.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" => Key deleted successfully.
"HKCR\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key deleted successfully.
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
eabfiltr => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\Users\zuza\Downloads\zoek.zip => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.scr => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.com => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.exe => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\zuza\Desktop\adwcleaner_4.107.exe => Moved successfully.
C:\Users\zuza\Desktop\Addition.rar => Moved successfully.
"C:\Users\zuza\Desktop\FRST.txt" => File/Directory not found.
"C:\Users\zuza\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe => Moved successfully.
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 259.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog 22:01:10 ====
Ran by zuza at 2015-01-14 21:59:26 Run:1
Running from C:\Users\zuza\Desktop
Loaded Profiles: zuza (Available profiles: zuza)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log
2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com
2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe
2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup
2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe
2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner
2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe
2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar
2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
Hosts:
EmptyTemp:
Reboot:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value deleted successfully.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cdfdf9b-7fd6-11e1-915b-0022645cdb1a}" => Key deleted successfully.
HKCR\CLSID\{1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} => Key not found.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55e1da1c-6b4b-11df-9d1f-0022645cdb1a}" => Key deleted successfully.
HKCR\CLSID\{55e1da1c-6b4b-11df-9d1f-0022645cdb1a} => Key not found.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" => Key deleted successfully.
"HKCR\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key deleted successfully.
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
eabfiltr => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\Users\zuza\Downloads\zoek.zip => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.scr => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.com => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.exe => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\zuza\Desktop\adwcleaner_4.107.exe => Moved successfully.
C:\Users\zuza\Desktop\Addition.rar => Moved successfully.
"C:\Users\zuza\Desktop\FRST.txt" => File/Directory not found.
"C:\Users\zuza\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe => Moved successfully.
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========
CHYBA: Neplatně argument nebo mo§nost - delere.
Chcete-li zobrazit n povŘdu, zadejte pýˇkaz REG /?.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 259.2 MB temporary data.
The system needed a reboot.
==== End of Fixlog 22:01:10 ====
Re: Preventiva notebook
Jeste jeden fixlist s timto obsahem
Kód: Vybrat vše
Start
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
Reboot:
End
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventiva notebook
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2015 01
Ran by zuza at 2015-01-14 22:32:26 Run:2
Running from C:\Users\zuza\Desktop
Loaded Profiles: zuza (Available profiles: zuza)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
Reboot:
End
*****************
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
The system needed a reboot.
==== End of Fixlog 22:32:26 ====
Ran by zuza at 2015-01-14 22:32:26 Run:2
Running from C:\Users\zuza\Desktop
Loaded Profiles: zuza (Available profiles: zuza)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
Reboot:
End
*****************
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
The system needed a reboot.
==== End of Fixlog 22:32:26 ====
Re: Preventiva notebook
Tak jeste uklidime 
DelFix https://toolslib.net/downloads/finish/2/
Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič
A pokud nejsou problemy ci dotazy, je to z me strany vse 
DelFix https://toolslib.net/downloads/finish/2/
- Stahnete a spustte
- Ponechte zatrzitkou pouze u volby Remote disinfection tools
- Kliknete na Run
Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standardPanel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
A pokud nejsou problemy ci dotazy, je to z me strany vse "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Preventiva notebook
Díky moc!!!
Přispějete na provoz fóra?