
Search Protect has appeared and how do I get rid of it??


#1 Post by strongpajda »

A blue icon of the SEARCH PROTECT application, which I don't want, has appeared. At the same time my search engine in Chrome changed, but I reverted that through the settings.

The PC is an older one, sold off from the family business, hence W7 Ultimate.

I'm attaching the log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Honza at 2015-07-23 15:18:57
Microsoft Windows 7 Ultimate
System drive C: has 79 GB (51%) free of 153 GB
Total RAM: 1979 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:19:29, on 23.7.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\MiuiTab\cmdshell.exe
C:\Program Files\MiuiTab\HPNotify.exe
C:\Program Files\SFK\SFKEX.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Honza\Desktop\RSIT (1).exe
C:\Program Files\trend micro\Honza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: GoodTab Class - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - C:\Program Files\MiuiTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7F5A1536901808934F0FA412D4DB0056] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --touch-events=disabled --flag-switches-end --flag-switches-begin --touch-events=disabled --flag-switches-end --restore-last-session -- http://email.seznam.cz/gate?sessionId=1 ... j9Wi%3d%3d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IHProtect Service - XTab system - C:\Program Files\MiuiTab\ProtectService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: SSFK - TODO: <???> - C:\Program Files\SFK\SSFK.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - DTools LIMITED - C:\ProgramData\gWinManProg\ProtectWindowsManager.exe

--
End of file - 7862 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}]
GoodTab Class - C:\Program Files\MiuiTab\SupTab.dll [2015-07-23 544952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-06 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-06 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-13 1537320]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-11 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-11 151064]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-18 271744]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-07-11 157992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe [2012-12-19 323752]
"iCloudServices"=C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe []
"GoogleChromeAutoLaunch_7F5A1536901808934F0FA412D4DB0056"=C:\Program Files\Google\Chrome\Application\chrome.exe [2015-07-13 813896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"=C:\Program Files\Google\Chrome\Application\chrome.exe [2015-07-13 813896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10 472984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCEPServiceManager]
C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-05-16 1039240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\Honza\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-18 271744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-28 216576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FMVC"=fmcodec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "C:\Windows\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-07-23 15:18:58 ----D---- C:\Program Files\trend micro
2015-07-23 15:18:57 ----D---- C:\rsit
2015-07-23 15:06:53 ----D---- C:\Program Files\SFK
2015-07-23 15:06:24 ----D---- C:\ProgramData\IHProtectUpDate
2015-07-23 15:05:38 ----D---- C:\Program Files\MiuiTab
2015-07-23 15:05:03 ----D---- C:\ProgramData\gWinManProg
2015-07-23 14:12:26 ----D---- C:\Program Files\iPod
2015-07-23 14:12:22 ----D---- C:\Program Files\iTunes

======List of files/folders modified in the last 1 month======

2015-07-23 15:18:58 ----RD---- C:\Program Files
2015-07-23 15:18:44 ----D---- C:\Windows\Temp
2015-07-23 15:07:38 ----D---- C:\Windows\System32
2015-07-23 15:06:24 ----HD---- C:\ProgramData
2015-07-23 15:04:47 ----D---- C:\Windows\Prefetch
2015-07-23 15:04:41 ----D---- C:\ProgramData\WindowsMangerProtect
2015-07-23 14:16:16 ----SHD---- C:\Windows\Installer
2015-07-23 14:12:23 ----D---- C:\Program Files\Common Files\Apple
2015-07-20 17:40:49 ----D---- C:\Windows\Tasks
2015-07-13 19:43:58 ----D---- C:\Windows\inf
2015-07-13 19:43:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-07-13 09:24:42 ----AD---- C:\Windows
2015-07-09 22:06:44 ----D---- C:\Users\Honza\AppData\Roaming\Nitro PDF
2015-07-09 21:58:50 ----D---- C:\Windows\system32\drivers
2015-07-08 08:09:51 ----D---- C:\Windows\system32\catroot
2015-07-05 12:11:18 ----N---- C:\Windows\system32\MpSigStub.exe
2015-07-04 10:44:37 ----D---- C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-07-04 10:38:06 ----D---- C:\Windows\system32\DriverStore
2015-07-03 13:24:59 ----D---- C:\Program Files\The KMPlayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-18 243128]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-28 5924864]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-14 50688]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw1v32.sys [2014-03-13 5958656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-03-13 212400]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 DisplayLinkUsbPort;DisplayLink USB Device; C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.27797.0.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Users\Honza\AppData\Local\Temp\RarSFX0\kerneld.wnt []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2012-04-18 15720]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service; C:\Windows\system32\DRIVERS\lan9500-x86-n51f.sys [2014-10-03 57344]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2013-08-06 18944]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2015-06-10 45056]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-05-29 60744]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 IHProtect Service;IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [2015-07-23 125112]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [2014-05-19 197128]
R2 NitroUpdateService;NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [2014-05-19 392712]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\system32\NLSSRV32.EXE [2014-05-19 69640]
R2 SSFK;SSFK; C:\Program Files\SFK\SSFK.exe [2015-07-21 459464]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\gWinManProg\ProtectWindowsManager.exe [2015-07-23 429568]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2015-07-11 541992]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2014-03-26 85096]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13 116648]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2012-07-09 46528]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------


#2 Post by vyosek »

Hello :)


Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you are using Win Vista or W7, right-click OTL and choose Run As Administrator or "Spustit jako spravce"
  • If you are using a 64-bit OS, check whether the box next to "Pro 64 bitové OS" (For 64-bit OS) is ticked; if not, tick it
  • Tick the "Pro vsechny uzivatele" (For all users) box
  • Tick the "Kontrola na havet "LOP"" (Check for "LOP" malware) box
  • Tick the "Kontrola na havet "Purity"" (Check for "Purity" malware) box
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box, "Vlastni skenovani/opravy" (Custom scans/fixes)
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the "Prohledat" (Scan) button
  • When the scan finishes (approx. 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both of them here
  • If the logs are long (the forum will complain that the maximum number of characters has been exceeded), split them across several posts

#3 Post by strongpajda »

OTL logfile created on: 23.7.2015 15:30:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Honza\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,93 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 46,60% Memory free
3,87 Gb Paging File | 2,64 Gb Available in Paging File | 68,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,01 Gb Total Space | 76,71 Gb Free Space | 51,48% Space Free | Partition Type: NTFS

Computer Name: HONZA-PC | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2015.07.23 15:27:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Honza\Desktop\OTL.exe
PRC - [2015.07.23 15:05:03 | 000,429,568 | ---- | M] (DTools LIMITED) -- C:\ProgramData\gWinManProg\ProtectWindowsManager.exe
PRC - [2015.07.23 10:34:02 | 000,125,112 | ---- | M] (XTab system) -- C:\Program Files\MiuiTab\ProtectService.exe
PRC - [2015.07.23 10:34:00 | 000,674,488 | ---- | M] (XTab system) -- C:\Program Files\MiuiTab\HPNotify.exe
PRC - [2015.07.23 10:34:00 | 000,031,928 | ---- | M] (SearchProtect) -- C:\Program Files\MiuiTab\CmdShell.exe
PRC - [2015.07.21 04:26:32 | 000,459,464 | ---- | M] (TODO: <公司名>) -- C:\Program Files\SFK\SSFK.exe
PRC - [2015.07.13 23:55:16 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2015.07.10 18:17:48 | 000,109,568 | ---- | M] () -- C:\Program Files\SFK\SFKEX.exe
PRC - [2015.05.29 17:46:42 | 000,060,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2014.05.19 13:25:56 | 000,392,712 | ---- | M] () -- C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
PRC - [2014.05.19 13:25:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2014.05.19 13:25:46 | 000,197,128 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
PRC - [2013.10.23 16:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.10.23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.10.23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.12.19 12:03:20 | 000,323,752 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (No Company Name) ==========

MOD - [2015.07.13 23:55:14 | 001,281,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
MOD - [2015.07.13 23:55:13 | 000,080,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\43.0.2357.134\libegl.dll
MOD - [2015.07.10 18:19:16 | 000,353,280 | ---- | M] () -- C:\Program Files\SFK\SFKEX.dll
MOD - [2015.07.10 18:17:48 | 000,109,568 | ---- | M] () -- C:\Program Files\SFK\SFKEX.exe
MOD - [2015.05.15 16:27:04 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014.02.12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.12.19 12:03:20 | 000,323,752 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe
MOD - [2012.12.19 11:58:46 | 000,886,408 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\core.4.dll
MOD - [2012.12.19 10:12:56 | 000,615,560 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\email.4.dll


========== Services (SafeList) ==========

SRV - [2015.07.23 15:05:03 | 000,429,568 | ---- | M] (DTools LIMITED) [Auto | Running] -- C:\ProgramData\gWinManProg\ProtectWindowsManager.exe -- (WindowsMangerProtect)
SRV - [2015.07.23 10:34:02 | 000,125,112 | ---- | M] (XTab system) [Auto | Running] -- C:\Program Files\MiuiTab\ProtectService.exe -- (IHProtect Service)
SRV - [2015.07.21 04:26:32 | 000,459,464 | ---- | M] (TODO: <公司名>) [Auto | Running] -- C:\Program Files\SFK\SSFK.exe -- (SSFK)
SRV - [2014.05.19 13:25:56 | 000,392,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe -- (NitroUpdateService)
SRV - [2014.05.19 13:25:56 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2014.05.19 13:25:46 | 000,197,128 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe -- (NitroDriverReadSpool9)
SRV - [2014.03.26 23:51:37 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2013.10.23 16:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.10.23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewdcsc.sys -- (Huawei)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Honza\AppData\Local\Temp\RarSFX0\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DisplayLinkUsbPort_5.5.27797.0.sys -- (DisplayLinkUsbPort)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2014.10.03 14:53:47 | 000,057,344 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lan9500-x86-n51f.sys -- (LAN9500)
DRV - [2014.03.18 14:34:41 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2014.03.13 01:40:57 | 005,958,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw1v32.sys -- (NETw1v32)
DRV - [2013.09.27 10:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013.08.06 16:13:30 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.05.26 05:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... XX5VCDAJ57
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\..\SearchScopes,DefaultScope = {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://do-search.com/web/?utm_source=b& ... earchTerms}
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://do-search.com/web/?utm_source=b& ... earchTerms}
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://do-search.com/web/?utm_source=b& ... earchTerms}
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://do-search.com/web/?utm_source=b& ... earchTerms}
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1795661789-398196264-492586550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.75.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.75.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2014.08.07 08:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Extensions
[2015.04.05 19:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\tjijnvps.default\extensions
[2015.04.05 19:21:18 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\tjijnvps.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.36.2_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (GoodTab Class) - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - C:\Program Files\MiuiTab\SupTab.dll (Thinkgood Co. Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1795661789-398196264-492586550-1000..\Run: [GoogleChromeAutoLaunch_7F5A1536901808934F0FA412D4DB0056] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1795661789-398196264-492586550-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKU\S-1-5-21-1795661789-398196264-492586550-1000..\Run: [Seznam Postak] C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1795661789-398196264-492586550-1000..\RunOnce: [Application Restart #1] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15DE8D79-33BC-44D4-8D77-646E1D2965BE}: DhcpNameServer = 93.153.117.33 93.153.117.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{621A2FA8-A037-4568-9E2E-5F196D2BA853}: DhcpNameServer = 10.9.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{653B14EF-1FCF-4685-9CF0-846497B1F979}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFD030C6-C887-4A05-99B4-C2EB0A823625}: DhcpNameServer = 172.20.10.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f324168-f599-11e3-a28b-001e644452f2}\Shell - "" = AutoRun
O33 - MountPoints2\{0f324168-f599-11e3-a28b-001e644452f2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c0d9ad6c-ae98-11e3-a311-c80aa92c7fa8}\Shell - "" = AutoRun
O33 - MountPoints2\{c0d9ad6c-ae98-11e3-a311-c80aa92c7fa8}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c0d9ad6c-ae98-11e3-a311-c80aa92c7fa8}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c0d9ad6c-ae98-11e3-a311-c80aa92c7fa8}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2015.07.23 15:27:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Honza\Desktop\OTL.exe
[2015.07.23 15:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.07.23 15:18:57 | 000,000,000 | ---D | C] -- C:\rsit
[2015.07.23 15:13:44 | 001,638,912 | ---- | C] (Farbar) -- C:\Users\Honza\Desktop\FRST.exe
[2015.07.23 15:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\SFK
[2015.07.23 15:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IHProtectUpDate
[2015.07.23 15:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\MiuiTab
[2015.07.23 15:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\gWinManProg
[2015.07.23 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015.07.23 14:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015.07.23 14:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 7 Days ==========

[2015.07.23 15:33:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.07.23 15:27:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Honza\Desktop\OTL.exe
[2015.07.23 15:25:40 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.07.23 15:25:40 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.07.23 15:17:48 | 001,107,968 | ---- | M] () -- C:\Users\Honza\Desktop\RSIT (1).exe
[2015.07.23 15:14:01 | 001,638,912 | ---- | M] (Farbar) -- C:\Users\Honza\Desktop\FRST.exe
[2015.07.23 15:05:14 | 000,002,517 | ---- | M] () -- C:\Users\Honza\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015.07.23 15:05:14 | 000,001,699 | ---- | M] () -- C:\Users\Honza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015.07.23 14:45:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.07.23 14:16:09 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.07.23 14:03:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

========== Files Created - No Company Name ==========

[2015.07.23 15:33:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.07.23 15:17:44 | 001,107,968 | ---- | C] () -- C:\Users\Honza\Desktop\RSIT (1).exe
[2014.12.02 19:04:50 | 000,007,594 | ---- | C] () -- C:\Users\Honza\AppData\Local\Resmon.ResmonCfg
[2014.03.13 12:22:11 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2014.03.13 12:22:06 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2014.03.13 12:22:00 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2014.03.13 12:22:00 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2014.03.13 12:21:58 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014.12.05 00:19:07 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\.purple
[2014.04.16 11:58:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2014.09.10 09:33:22 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2015.04.02 22:40:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Downloaded Installations
[2015.06.07 12:25:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Garmin
[2015.04.02 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Nitro
[2015.07.09 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Nitro PDF
[2015.04.25 08:43:05 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\OpenCandy
[2015.06.09 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Opera Software
[2015.02.06 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Oracle
[2014.03.16 13:39:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Seznam.cz
[2014.06.16 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Telefónica Móviles
[2015.06.20 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2014.03.18 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:53:46 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2014.03.13 01:15:21 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.03.13 01:15:27 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.04.09 09:16:33 | 001,289,096 | ---- | M] (Microsoft Corporation) MD5=5D6A83E928F22AF5AC9868B162FFAD0D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_b38009a0e0d5a32d\tcpip.sys
[2010.04.09 09:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\System32\drivers\tcpip.sys
[2010.04.09 09:24:54 | 001,285,000 | ---- | M] (Microsoft Corporation) MD5=63170B9EE1D0EF0032F0408605671D1A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_b30e0d41c7a5fe2f\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a244dfe6b93bd4dde4376c7f8577d114\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a244dfe6b93bd4dde4376c7f8577d114\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\abc6612d2c714da9de76d36949bd22ac\*.tmp files -> C:\Windows\SoftwareDistribution\Download\abc6612d2c714da9de76d36949bd22ac\*.tmp -> ]
[3 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.12.05 00:19:07 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\.purple
[2014.03.19 12:46:02 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Adobe
[2015.03.15 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Apple Computer
[2014.04.16 11:58:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Autodesk
[2014.03.19 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Corel
[2014.09.10 09:33:22 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
[2015.04.02 22:40:21 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Downloaded Installations
[2014.04.02 21:50:14 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\FastStone
[2015.06.07 12:25:18 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Garmin
[2014.03.13 01:06:52 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Identities
[2014.03.18 22:37:40 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Macromedia
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Media Center Programs
[2015.03.31 09:44:15 | 000,000,000 | --SD | M] -- C:\Users\Honza\AppData\Roaming\Microsoft
[2014.08.07 08:57:34 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Mozilla
[2015.04.02 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Nitro
[2015.07.09 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Nitro PDF
[2015.04.25 08:43:05 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\OpenCandy
[2015.06.09 11:34:59 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Opera Software
[2015.02.06 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Oracle
[2014.03.16 13:39:30 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Seznam.cz
[2015.06.06 21:55:19 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Skype
[2014.06.16 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Telefónica Móviles
[2015.06.20 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\uTorrent
[2014.03.18 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\Honza\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2015.04.25 08:43:11 | 000,085,568 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\OpenCandy\A55E0FF9C79B4E3681F96B062A6ECD7E\skacvtp1_v4.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Seznam.cz\sznsetup.exe
[2012.12.19 11:59:28 | 001,996,936 | ---- | M] (Seznam.cz a.s.) -- C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\MiniBrowser.exe
[2012.12.19 12:03:20 | 000,323,752 | ---- | M] () -- C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe
[2014.06.21 15:07:44 | 001,271,376 | ---- | M] (BitTorrent Inc.) -- C:\Users\Honza\AppData\Roaming\uTorrent\uTorrent.exe
[2014.05.15 09:22:01 | 001,272,400 | ---- | M] (BitTorrent Inc.) -- C:\Users\Honza\AppData\Roaming\uTorrent\updates\3.4.1_31139.exe
[2014.06.21 15:06:31 | 001,271,376 | ---- | M] (BitTorrent Inc.) -- C:\Users\Honza\AppData\Roaming\uTorrent\updates\3.4.1_31395.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.07.23 14:16:09 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.07.23 15:45:19 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2015.07.23 15:25:40 | 000,010,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.07.23 15:25:40 | 000,010,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Seznam Postak" = "C:\Users\Honza\AppData\Roaming\Seznam.cz\bin\postak.exe" -s -- [2012.12.19 12:03:20 | 000,323,752 | ---- | M] ()
"iCloudServices" = C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
"GoogleChromeAutoLaunch_7F5A1536901808934F0FA412D4DB0056" = "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window -- [2015.07.13 23:55:16 | 000,813,896 | ---- | M] (Google Inc.)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2015.07.13 23:55:16 | 000,813,896 | ---- | M] (Google Inc.) MD5=3BBEC4CC2A388B4C5D1EFE20EAD7D98F -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.07.23 15:33:58 | 000,000,512 | ---- | M] () MD5=E866E4EB8FAED90E34A271D0C463A898 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[1999.06.11 20:18:36 | 000,092,827 | ---- | M] () -- \Program Files\Corel\Corel Graphics 11\Custom Data\Bumpmap\Cracks.cpt
[2002.01.30 17:31:34 | 000,016,068 | ---- | M] () -- \Program Files\Corel\Corel Graphics 11\Custom Data\Canvas\cracks2c.pcx
[2002.01.30 18:15:39 | 000,010,560 | ---- | M] () -- \Program Files\Corel\Corel Graphics 11\Custom Data\Tiles\CRACKS2M.CPT

< *keygen* /s >
[2015.04.02 22:35:10 | 000,019,569 | ---- | M] () -- \Users\Honza\AppData\Roaming\uTorrent\Nitro Pro 9.5.1.5 Final (x86-x64) Incl. Keygen-CORE.torrent

< *loader* /s >
[2007.01.31 09:07:46 | 000,027,752 | ---- | M] () -- \Program Files\AutoCAD 2008\AecLoader.arx
[2015.05.15 16:27:10 | 000,060,712 | ---- | M] () -- \Program Files\Common Files\Apple\Apple Application Support\YSLoader.exe
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2015.06.08 15:52:46 | 000,009,418 | ---- | M] () -- \Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.36.2_0\img\gifloader.gif
[2014.05.14 21:01:20 | 000,003,072 | ---- | M] () -- \Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ytddownloader.com_0.localstorage
[2014.10.04 10:27:36 | 000,000,121 | ---- | M] () -- \Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\YQ4YAJ9N\uk-extreme.cdn.videoplaza.tv\com.videoplaza.bootloader.sol
[2014.07.24 14:53:16 | 000,072,638 | ---- | M] () -- \Users\Honza\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.07.24 14:53:16 | 000,003,032 | ---- | M] () -- \Users\Honza\AppData\Local\Skype\Apps\login\images\loader.png
[2014.07.24 14:53:16 | 000,006,012 | ---- | M] () -- \Users\Honza\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.24 14:53:16 | 000,021,956 | ---- | M] () -- \Users\Honza\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.24 14:53:16 | 000,009,772 | ---- | M] () -- \Users\Honza\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2013.04.15 10:11:08 | 000,031,512 | ---- | M] () -- \Users\Honza\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.1.2-win32.zip
[2008.07.02 01:09:28 | 005,524,068 | ---- | M] () -- \Users\Honza\Music\MIX\Toploader - Dancing In The Moonlight.mp3
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 06:56:40 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 06:56:40 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winload.exe.mui_3bc5b827
[2009.07.14 06:56:40 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4_winresume.exe.mui_ff8b5358
[2009.07.14 04:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 04:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 04:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 04:29:12 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2009.07.14 03:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 03:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >




OTL Extras logfile created on: 23.7.2015 15:30:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Honza\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,93 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 46,60% Memory free
3,87 Gb Paging File | 2,64 Gb Available in Paging File | 68,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,01 Gb Total Space | 76,71 Gb Free Space | 51,48% Space Free | Partition Type: NTFS

Computer Name: HONZA-PC | User Name: Honza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1795661789-398196264-492586550-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [KMPlayer.Enqueue] -- "C:\Program Files\The KMPlayer\KMPlayer.exe"/ADD "%1"
Directory [KMPlayer.Play] -- "C:\Program Files\The KMPlayer\KMPlayer.exe" "%1" (PandoraTV)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4E737A-54A7-4357-A77E-188F8CE12D96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{134A0778-1144-4D23-A780-6DB173C33B9E}" = rport=138 | protocol=17 | dir=out | app=system |
"{3386AA25-C59C-47E4-87E8-AC79B97A6920}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FE9556E-4121-47F1-B658-AF9503D66D56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{445AD65D-FB59-4EAD-B504-984C255D94EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53C8F6E5-0C51-4278-BC28-325B76D20B58}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{6259D844-F509-4432-BA6D-E6629683A608}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6D817D2D-EB5C-47BB-89E9-A838DCAB321F}" = lport=138 | protocol=17 | dir=in | app=system |
"{7DC801D6-50C8-43C5-ABDF-6C1A70CB51BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88ED77BA-A4F1-4AA2-A7EA-05E374B9C5C1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A46FC426-A5EB-4742-9654-3AC95A8E411C}" = rport=139 | protocol=6 | dir=out | app=system |
"{B3D0D962-6A16-4DD6-B2E8-9074E18F6E55}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B58AF13F-F530-43C3-A267-FF316AB3A627}" = lport=137 | protocol=17 | dir=in | app=system |
"{B5D39F58-9920-4A30-A8E5-307939C36A78}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C096BC7A-5D35-4EA1-835F-A70E24B2381F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C655815F-E7A9-42E9-B282-5F8708FA85FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3BEC6A1-2DB1-491D-A904-CF0C4EB29345}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E72E236F-E0C4-4D7C-96C8-4AB4A8176E4B}" = rport=137 | protocol=17 | dir=out | app=system |
"{FADCAF10-7FAE-4BF5-935B-699CAAB69C91}" = lport=139 | protocol=6 | dir=in | app=system |
"{FCEE06E7-0F99-470E-99DB-2D521503AE52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFD674C4-DEBA-483E-BA5E-70B83DAEEB8A}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15522014-DEE6-4A7C-B88C-B7588D71FCE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{382C30A5-C7AA-48AB-B910-AACCA9F1C650}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{932CFE9A-D836-4B06-B383-5F8C2CA9706A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B992D84-656C-4EE8-BD4D-318836DC3A28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A694B3AF-D7D4-4650-90B3-3B60CEB31A35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD0CAD68-FA86-47BF-A099-32CD6B3D65C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF3B6286-704E-4ED1-8C81-5FB923D9228B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB924716-8132-4183-98C7-15435342DCD3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D6CCF067-9CCE-4DB6-84E4-56B103EF0EEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EE4A3F32-DD7D-456E-8B28-F2D39A10D3EF}" = protocol=17 | dir=in | app=c:\users\honza\appdata\roaming\utorrent\utorrent.exe |
"{F2FB070C-A833-4C53-A7E0-3A468455D533}" = protocol=6 | dir=in | app=c:\users\honza\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{C5D3124B-ACA9-46B8-A438-1FC637CBC2B0}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"TCP Query User{E35FE254-B5D7-4D58-A7D0-E109E83EFAA7}C:\program files\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files\connectify\connectify.exe |
"UDP Query User{6619354B-5EFA-4D20-BA6A-86FE7DBC6F2D}C:\program files\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files\connectify\connectify.exe |
"UDP Query User{A042D3DD-B222-4364-92F5-707221FBB32B}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F03217075FF}" = Java 7 Update 75
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{37241A20-3FEC-4D40-A6AA-97E0FA0DC256}" = Albania Geopolitical GPS Basemap
"{46E7E808-5AD2-44B6-B52C-68EB15182D8A}" = TrekMap v2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}" = Apple Mobile Device Support
"{5783F2D7-6001-0405-0002-0060B0CE6BBA}" = AutoCAD 2008 - Český
"{5A5B1119-BDD8-4FD8-86E6-299605754DBE}" = Nitro Pro 9
"{5CC1B8CB-4B4A-4DB6-AA7D-7167D033E93C}" = VirtualDJ 8
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AA38575-25A1-4C2F-B40B-2188EB73FF0E}" = Garmin TOPO Österreich v2
"{7C69F731-6471-48FE-899B-1C40F80042C7}" = Garmin BaseCamp
"{7FE25256-B7C1-480D-B736-10A67A833AEA}" = Podpora aplikací Apple (32bitová)
"{8E2A1F3F-0E67-4B33-B8F4-A2A53FDDD844}" = TOPO Czech PRO 2013
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}" = iTunes
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AutoCAD 2008 - Český" = AutoCAD 2008 - Český
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Earth Pro 7.1.1.1888 Final7.1.1.1888" = Google Earth Pro 7.1.1.1888 Final
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = CorelDRAW Graphics Suite 11
"MediaHuman YouTube to MP3 Converter_is1" = MediaHuman YouTube to MP3 Converter version 3.7.5
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The KMPlayer" = KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1795661789-398196264-492586550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SeznamInstall" = Seznam Software
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.7.2015 14:53:19 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.7.2015 14:53:19 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2854

Error - 15.7.2015 14:53:19 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2854

Error - 15.7.2015 14:53:22 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.7.2015 14:53:22 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6910

Error - 15.7.2015 14:53:22 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6910

Error - 15.7.2015 14:53:25 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.7.2015 14:53:25 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9687

Error - 15.7.2015 14:53:25 | Computer Name = Honza-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9687

Error - 20.7.2015 11:50:58 | Computer Name = Honza-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 9.7.2015 16:06:52 | Computer Name = Honza-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.201.1206.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11804.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 13.7.2015 3:24:02 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 13.7.2015 3:24:08 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 13.7.2015 13:57:01 | Computer Name = Honza-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.201.1206.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11804.0

Error
code: 0x80072ee2 Error description: The operation timed out

Error - 13.7.2015 13:58:04 | Computer Name = Honza-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.201.1206.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.11804.0 Error code: 0x80072ee2 Error description: The
operation timed out

Error - 13.7.2015 13:58:04 | Computer Name = Honza-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.201.1206.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.11804.0 Error code: 0x80072ee2 Error description: The
operation timed out

Error - 13.7.2015 14:00:19 | Computer Name = Honza-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 115.3.0.0 Update Source: %%851 Update Stage:
%%853 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%886 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 2.1.11804.0 Error code: 0x80072ee2 Error description: The
operation timed out

Error - 15.7.2015 13:24:55 | Computer Name = Honza-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.201.1653.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11804.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 15.7.2015 14:02:35 | Computer Name = Honza-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.201.1653.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.11804.0

Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 20.7.2015 11:17:25 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Search Protect has appeared, and how do I get rid of it??

#4 Post by vyosek »

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear; it may also be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him, for he is no man, he is an ox."
Member since 1 February 2011.

strongpajda
Visitor
Posts: 33
Registered: 14 Oct 2006 13:45

Re: Search Protect has appeared, and how do I get rid of it??

#5 Post by strongpajda »

# AdwCleaner v4.208 - Logfile created 24/07/2015 at 11:39:11
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Ultimate (x86)
# Username : Honza - HONZA-PC
# Running from : C:\Users\Honza\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : IHProtect Service
[#] Service Deleted : WindowsMangerProtect

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\miuitab
Folder Deleted : C:\Users\Honza\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
File Deleted : C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage
File Deleted : C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2335267C-DBBA-4DD5-A9D0-C4DB8E6A75A4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2335267C-DBBA-4DD5-A9D0-C4DB8E6A75A4}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Kromtech
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\omniboxesSoftware
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.134

[C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ostrava.cz/cs/search?SearchableText={searchTerms}
[C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.rb-bike.cz/cz/uvod/vyhledavani?mact ... ailpage=50
[C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :
[C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 02113194F1E39218D6B703144E2C1E0C2276F8B53A64EC945B5BB32EFBB8D7ED"},"software_reporter":{"prompt_reason":"3D2450B0D05F36DBCC0DF7D310D5A59D980C9AD81EDB4DADEC4399181EE6E15C","prompt_seed":"D675D57ABBBF1D4694AED8C4257FED985B2927601FB7178A687B329765C7F93E","prompt_version":"2BA36005BEEA6D8F6A52AB86E302153A4878AC5170867D5BA64159329184AD7C"},"sync":{"remaining_rollback_tries":"3B7555C85D123C27449FD59492C934D566E4646F48B566A8B0A1D323B29BEA2E"}},"super_mac":"D2A7BC4C727E28D4D86FEC88E139666EA694D19CCD464EF4632A091F7E48790D"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.omniboxes.com/?type=hp&ts=143384191 ... XX5VCDAJ57

*************************

AdwCleaner[R0].txt - [13638 bytes] - [24/07/2015 11:27:35]
AdwCleaner[S0].txt - [7535 bytes] - [24/07/2015 11:39:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7594 bytes] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Search Protect appeared, how do I get rid of it??

#6 Post by vyosek »

Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako správce
  • Paste the script below into the window:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will carry out the repair, restart, and give you a log; paste its contents here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

strongpajda
Visitor
Posts: 33
Registered: 14 Oct 2006 13:45

Re: Search Protect appeared, how do I get rid of it??

#7 Post by strongpajda »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Honza on p  24.07.2015 at 12:53:22,91.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Honza\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24.7.2015 12:55:04 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\DsNET Corp deleted successfully
C:\Users\Honza\AppData\Roaming\Opera Software deleted successfully
C:\Users\Honza\AppData\Local\GHISLER deleted successfully
C:\Users\Honza\AppData\Local\Opera Software deleted successfully
C:\Users\Honza\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1795661789-398196264-492586550-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\tjijnvps.default\prefs.js:

Added to C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\tjijnvps.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\DsNET Corp not found

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\tjijnvps.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\tjijnvps.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\tjijnvps.default
BBCA738ABB9FE2F7F0A3B0D74D2D9BFB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U75
773401F7A4065EC806712D5E09FEBB97 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.750.13
46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
157B6F5BC94B33D3FA5E24F4A273341E - C:\Program Files\Nitro\Pro 9\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
FA62CB8C9B7DC884692DC519F9203403 - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In
212CCB988F4EB1D7AB67B65A04926D25 - C:\Program Files\Nitro\Pro 9\npnitroie.dll - Nitro PDF plugin for Internet Explorer
6E58DA19921D957398E86959E6CD3CB9 - C:\Program Files\Nitro\Pro 9\npdf.dll - FileOpen WebPublisher3+ MSO Security exchange
6D33B1A2C5FA7D8A4EFAAF345DE6CC48 - C:\Program Files\Nitro\Pro 9\NPShellExtension.dll - Nitro Pro ShellExtension


==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Honza\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]

AdBlock - Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chromium Startpages ======================

C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Chromium Fix ======================

C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_products.trovit.co.uk_0.localstorage deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_products.trovit.co.uk_0.localstorage-journal deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ass-savers.com_0.localstorage deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ass-savers.com_0.localstorage-journal deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully

==== Empty IE Cache ======================

C:\Users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Honza\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Honza\AppData\Local\Mozilla\Firefox\Profiles\tjijnvps.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11 folders=0 49274 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Honza\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Honza\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Honza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on p  24.07.2015 at 14:32:32,62 ======================

strongpajda
Visitor
Posts: 33
Registered: 14 Oct 2006 13:45

Re: Search Protect appeared, how do I get rid of it??

#8 Post by strongpajda »

The PC looks fine, I just can't set the New Tab page to google.com. When I launch Chrome, the start page is mysearch123.com, and I don't want that....!!! What do I do about it?

strongpajda
Visitor
Posts: 33
Registered: 14 Oct 2006 13:45

Re: Search Protect appeared, how do I get rid of it??

#9 Post by strongpajda »

Problem solved, please LOCK

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Search Protect appeared, how do I get rid of it??

#10 Post by vyosek »

So let's clean up as well

DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option ticked
  • Click Run
Download CCleaner https://www.piriform.com/ccleaner/download/standard
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for problems
  • then Fix problems - I recommend making a registry backup; fix all the problems
  • repeat the procedure until no problems are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

And if there are no problems or questions, that is all from my side :|