
PC virus removal, computer speed-up, remote help via the neslape.cz service
Preventive log check - HDD constantly working
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 24
- Registered: 13 Aug 2013 21:20
Preventive log check - HDD constantly working
Hello,
I would like to ask for a preventive check of my log. My HDD is constantly working and the computer is slightly slower.
Thank you
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-10-2015 01
Ran by Admin (administrator) on ADMIN-PC (16-10-2015 17:29:31)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & UpdatusUser (Available Profiles: Admin & UpdatusUser & Eliška & Anička)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(PS Media s.r.o.) C:\Windows\System32\ssins.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\HP\HP UT\bin\hppusg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-14] (Realtek Semiconductor)
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [103936 2014-03-04] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-11-02] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [StereoLinksInstall] => "C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2916352 2013-01-09] (Leadtek Research Inc.)
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [SystemProc] => C:\Users\Public\Other\run.vbs [74 2014-02-06] ()
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2014-05-28]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2014-11-16]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1002\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{090E7DE2-A2F0-4E73-82EC-52C2B884DE8C}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xrs4pk9.default-1413125801048
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-15]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (mfhcchbdblkggcenfmmpgkpgphfhfcbe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcchbdblkggcenfmmpgkpgphfhfcbe [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 ssinstall; C:\Windows\System32\ssins.exe [2324216 2014-06-21] (PS Media s.r.o.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-16 17:29 - 2015-10-16 17:30 - 00013180 _____ C:\Users\Admin\Desktop\FRST.txt
2015-10-16 17:27 - 2015-10-16 17:27 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2015-10-16 17:24 - 2015-10-16 17:25 - 01700352 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-10-16 17:21 - 2015-10-16 17:22 - 01700352 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-10-12 11:35 - 2015-10-01 11:18 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
2015-10-12 11:32 - 2015-10-03 06:58 - 37882672 _____ C:\Windows\system32\nvcompiler.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 18359928 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 15002304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 13518496 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 12769216 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 12032392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 09368696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-12 11:32 - 2015-10-03 06:58 - 03154104 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 02489976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 01053304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3235850.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00921448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00916784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3235850.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00171352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-10-12 11:32 - 2015-10-03 06:58 - 00037208 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-10-12 11:10 - 2015-10-12 11:10 - 00000000 ____D C:\NVIDIA
2015-09-29 16:55 - 2015-09-29 16:55 - 00165560 _____ C:\Windows\Minidump\Mini092915-01.dmp
2015-09-29 16:55 - 2015-09-29 16:55 - 00000000 ____D C:\Windows\Minidump
2015-09-29 16:54 - 2015-09-29 17:52 - 187237967 _____ C:\Windows\MEMORY.DMP
2015-09-28 17:05 - 2015-09-28 17:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Minecraft
2015-09-24 19:13 - 2015-09-24 19:13 - 00000382 _____ C:\Users\Admin\Desktop\Kat Jaro Slávik poprvé v historii zmáčkl zlatý bzučák. Až uvidíte tohle vystoupení, pochopíte proč! - You.bo.URL
2015-09-21 19:33 - 2015-09-21 19:33 - 00000236 _____ C:\Users\Admin\Desktop\Test z matematiky.URL
2015-09-20 14:21 - 2015-09-20 15:48 - 734404607 _____ C:\Users\Admin\Downloads\Scary-movie-4-CZ.avi
2015-09-20 12:40 - 2015-09-20 13:59 - 734316543 _____ C:\Users\Admin\Downloads\Scary-Movie-3-cz.avi
2015-09-18 13:39 - 2015-09-18 13:39 - 00000239 _____ C:\Users\Admin\Desktop\písnička husta ela.URL
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-16 17:30 - 2008-01-21 03:35 - 01717515 _____ C:\Windows\WindowsUpdate.log
2015-10-16 17:29 - 2014-10-10 19:45 - 00000000 ____D C:\FRST
2015-10-16 17:14 - 2014-05-15 11:51 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-16 17:14 - 2014-05-15 11:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-16 17:14 - 2014-05-15 11:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-16 16:57 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-16 16:57 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-16 16:56 - 2014-06-22 19:09 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job
2015-10-16 16:53 - 2014-06-21 20:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2015-10-16 16:53 - 2006-11-02 14:52 - 00100016 _____ C:\Windows\setupact.log
2015-10-16 16:52 - 2008-01-21 08:47 - 01530430 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-12 11:42 - 2014-06-21 19:57 - 00000000 _____ C:\Windows\system32\sinstall.log
2015-10-12 11:42 - 2014-05-15 12:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-12 11:42 - 2008-01-21 04:47 - 00191638 _____ C:\Windows\PFRO.log
2015-10-12 11:42 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-12 11:41 - 2014-06-20 20:14 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-10-12 11:41 - 2006-11-02 15:01 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-12 11:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-12 11:36 - 2014-05-15 12:38 - 00000000 ____D C:\Users\Admin
2015-10-12 11:36 - 2014-05-15 12:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-12 11:11 - 2014-05-15 12:38 - 00001356 _____ C:\Users\Admin\AppData\Local\d3d9caps.dat
2015-10-03 06:58 - 2014-05-15 12:08 - 00105080 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-10-03 06:58 - 2013-02-26 00:22 - 00028754 _____ C:\Windows\system32\nvinfo.pb
2015-10-03 04:22 - 2014-05-15 12:08 - 03937072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 02580088 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 00671536 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-10-03 04:22 - 2014-05-15 12:08 - 00374904 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 00061744 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-29 19:17 - 2014-08-15 20:35 - 00000000 ___RD C:\Filmy
2015-09-29 16:48 - 2014-05-15 12:29 - 148229005 _____ C:\Windows\DUMP4327.tmp
2015-09-29 16:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-28 17:17 - 2014-06-07 13:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2015-09-27 20:05 - 2014-05-29 19:42 - 00000000 ____D C:\Foto
2015-09-27 19:57 - 2014-08-03 20:42 - 00000000 ____D C:\Users\Admin\Desktop\ANI
2015-09-27 09:24 - 2015-08-27 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-27 09:24 - 2014-05-15 11:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-21 19:05 - 2014-12-15 00:11 - 00000000 ____D C:\Hudba
==================== Files in the root of some directories =======
2014-05-15 12:38 - 2015-10-12 11:11 - 0001356 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-06-22 19:08 - 2014-06-22 19:08 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
C:\Users\Admin\AppData\Local\Temp\ochelper.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job => C:\Windows\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Admin\Downloads\The Fireman's Ball 1967 Full Comedy Drama Movie.mp4:TOC.WMV
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Admin\Desktop" je 856 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-15]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (mfhcchbdblkggcenfmmpgkpgphfhfcbe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcchbdblkggcenfmmpgkpgphfhfcbe [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 ssinstall; C:\Windows\System32\ssins.exe [2324216 2014-06-21] (PS Media s.r.o.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-16 17:29 - 2015-10-16 17:30 - 00013180 _____ C:\Users\Admin\Desktop\FRST.txt
2015-10-16 17:27 - 2015-10-16 17:27 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2015-10-16 17:24 - 2015-10-16 17:25 - 01700352 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-10-16 17:21 - 2015-10-16 17:22 - 01700352 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-10-12 11:35 - 2015-10-01 11:18 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
2015-10-12 11:32 - 2015-10-03 06:58 - 37882672 _____ C:\Windows\system32\nvcompiler.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 18359928 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 15002304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 13518496 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 12769216 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 12032392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 09368696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-12 11:32 - 2015-10-03 06:58 - 03154104 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 02489976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 01053304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3235850.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00921448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00916784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3235850.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00171352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-10-12 11:32 - 2015-10-03 06:58 - 00037208 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-10-12 11:10 - 2015-10-12 11:10 - 00000000 ____D C:\NVIDIA
2015-09-29 16:55 - 2015-09-29 16:55 - 00165560 _____ C:\Windows\Minidump\Mini092915-01.dmp
2015-09-29 16:55 - 2015-09-29 16:55 - 00000000 ____D C:\Windows\Minidump
2015-09-29 16:54 - 2015-09-29 17:52 - 187237967 _____ C:\Windows\MEMORY.DMP
2015-09-28 17:05 - 2015-09-28 17:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Minecraft
2015-09-24 19:13 - 2015-09-24 19:13 - 00000382 _____ C:\Users\Admin\Desktop\Kat Jaro Slávik poprvé v historii zmáčkl zlatý bzučák. Až uvidíte tohle vystoupení, pochopíte proč! - You.bo.URL
2015-09-21 19:33 - 2015-09-21 19:33 - 00000236 _____ C:\Users\Admin\Desktop\Test z matematiky.URL
2015-09-20 14:21 - 2015-09-20 15:48 - 734404607 _____ C:\Users\Admin\Downloads\Scary-movie-4-CZ.avi
2015-09-20 12:40 - 2015-09-20 13:59 - 734316543 _____ C:\Users\Admin\Downloads\Scary-Movie-3-cz.avi
2015-09-18 13:39 - 2015-09-18 13:39 - 00000239 _____ C:\Users\Admin\Desktop\písnička husta ela.URL
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-16 17:30 - 2008-01-21 03:35 - 01717515 _____ C:\Windows\WindowsUpdate.log
2015-10-16 17:29 - 2014-10-10 19:45 - 00000000 ____D C:\FRST
2015-10-16 17:14 - 2014-05-15 11:51 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-16 17:14 - 2014-05-15 11:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-16 17:14 - 2014-05-15 11:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-16 16:57 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-16 16:57 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-16 16:56 - 2014-06-22 19:09 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job
2015-10-16 16:53 - 2014-06-21 20:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2015-10-16 16:53 - 2006-11-02 14:52 - 00100016 _____ C:\Windows\setupact.log
2015-10-16 16:52 - 2008-01-21 08:47 - 01530430 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-12 11:42 - 2014-06-21 19:57 - 00000000 _____ C:\Windows\system32\sinstall.log
2015-10-12 11:42 - 2014-05-15 12:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-12 11:42 - 2008-01-21 04:47 - 00191638 _____ C:\Windows\PFRO.log
2015-10-12 11:42 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-12 11:41 - 2014-06-20 20:14 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-10-12 11:41 - 2006-11-02 15:01 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-12 11:40 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-12 11:36 - 2014-05-15 12:38 - 00000000 ____D C:\Users\Admin
2015-10-12 11:36 - 2014-05-15 12:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-12 11:11 - 2014-05-15 12:38 - 00001356 _____ C:\Users\Admin\AppData\Local\d3d9caps.dat
2015-10-03 06:58 - 2014-05-15 12:08 - 00105080 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-10-03 06:58 - 2013-02-26 00:22 - 00028754 _____ C:\Windows\system32\nvinfo.pb
2015-10-03 04:22 - 2014-05-15 12:08 - 03937072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 02580088 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 00671536 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-10-03 04:22 - 2014-05-15 12:08 - 00374904 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 00061744 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-29 19:17 - 2014-08-15 20:35 - 00000000 ___RD C:\Filmy
2015-09-29 16:48 - 2014-05-15 12:29 - 148229005 _____ C:\Windows\DUMP4327.tmp
2015-09-29 16:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-28 17:17 - 2014-06-07 13:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2015-09-27 20:05 - 2014-05-29 19:42 - 00000000 ____D C:\Foto
2015-09-27 19:57 - 2014-08-03 20:42 - 00000000 ____D C:\Users\Admin\Desktop\ANI
2015-09-27 09:24 - 2015-08-27 20:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-27 09:24 - 2014-05-15 11:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-21 19:05 - 2014-12-15 00:11 - 00000000 ____D C:\Hudba
==================== Files in the root of some directories =======
2014-05-15 12:38 - 2015-10-12 11:11 - 0001356 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-06-22 19:08 - 2014-06-22 19:08 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
C:\Users\Admin\AppData\Local\Temp\ochelper.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job => C:\Windows\system32\msfeedssync.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Users\Admin\Downloads\The Fireman's Ball 1967 Full Comedy Drama Movie.mp4:TOC.WMV
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Admin\Desktop" je 856 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.zip
- (5.79 KiB) Downloaded 77 times
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive log check - HDD is constantly working
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 24
- Joined: 13 Aug 2013 21:20
Re: Preventive log check - HDD is constantly working
# AdwCleaner v5.014 - Logfile created 18/10/2015 at 22:45:11
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_5.014.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
***** [ Web browsers ] *****
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1150 bytes] ##########
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive log check - HDD is constantly working
Post a new FRST log.
-
- Visitor
- Posts: 24
- Joined: 13 Aug 2013 21:20
Re: Preventive log check - HDD is constantly working
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-10-2015
Ran by Admin (administrator) on ADMIN-PC (19-10-2015 19:04:45)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & UpdatusUser (Available Profiles: Admin & UpdatusUser & Eliška & Anička)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(PS Media s.r.o.) C:\Windows\System32\ssins.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\HP\HP UT\bin\hppusg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-14] (Realtek Semiconductor)
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [103936 2014-03-04] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-11-02] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [StereoLinksInstall] => "C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2916352 2013-01-09] (Leadtek Research Inc.)
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [SystemProc] => C:\Users\Public\Other\run.vbs [74 2014-02-06] ()
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2014-05-28]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2014-11-16]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1002\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{090E7DE2-A2F0-4E73-82EC-52C2B884DE8C}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xrs4pk9.default-1413125801048
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-15] [not signed]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (mfhcchbdblkggcenfmmpgkpgphfhfcbe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcchbdblkggcenfmmpgkpgphfhfcbe [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 ssinstall; C:\Windows\System32\ssins.exe [2324216 2014-06-21] (PS Media s.r.o.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-19 19:04 - 2015-10-19 19:05 - 00013120 _____ C:\Users\Admin\Desktop\FRST.txt
2015-10-19 19:04 - 2015-10-19 19:04 - 00029696 _____ C:\Users\Admin\AppData\Local\MSGBOX.EXE
2015-10-19 19:04 - 2015-10-19 19:04 - 00015327 _____ C:\Users\Admin\Desktop\LM.bat
2015-10-19 19:04 - 2015-10-19 19:04 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2015-10-18 22:42 - 2015-10-18 22:42 - 01691648 _____ C:\Users\Admin\Desktop\adwcleaner_5.014.exe
2015-10-17 12:55 - 2015-10-17 12:55 - 00000261 _____ C:\Users\Admin\Desktop\kr_pruvodce2008.pdf.URL
2015-10-17 12:42 - 2015-10-17 12:42 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2015-10-16 17:32 - 2015-10-17 08:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-16 17:24 - 2015-10-16 17:25 - 01700352 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-10-16 17:21 - 2015-10-19 19:04 - 01700864 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-10-12 11:35 - 2015-10-01 11:18 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
2015-10-12 11:32 - 2015-10-03 06:58 - 37882672 _____ C:\Windows\system32\nvcompiler.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 18359928 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 15002304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 13518496 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 12769216 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 12032392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 09368696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-12 11:32 - 2015-10-03 06:58 - 03154104 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 02489976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 01053304 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3235850.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00921448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00916784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3235850.dll
2015-10-12 11:32 - 2015-10-03 06:58 - 00171352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-10-12 11:32 - 2015-10-03 06:58 - 00037208 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-10-12 11:10 - 2015-10-12 11:10 - 00000000 ____D C:\NVIDIA
2015-09-29 16:55 - 2015-09-29 16:55 - 00165560 _____ C:\Windows\Minidump\Mini092915-01.dmp
2015-09-29 16:55 - 2015-09-29 16:55 - 00000000 ____D C:\Windows\Minidump
2015-09-29 16:54 - 2015-09-29 17:52 - 187237967 _____ C:\Windows\MEMORY.DMP
2015-09-28 17:05 - 2015-09-28 17:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Minecraft
2015-09-24 19:13 - 2015-09-24 19:13 - 00000382 _____ C:\Users\Admin\Desktop\Kat Jaro Slávik poprvé v historii zmáčkl zlatý bzučák. Až uvidíte tohle vystoupení, pochopíte proč! - You.bo.URL
2015-09-21 19:33 - 2015-09-21 19:33 - 00000236 _____ C:\Users\Admin\Desktop\Test z matematiky.URL
2015-09-20 14:21 - 2015-09-20 15:48 - 734404607 _____ C:\Users\Admin\Downloads\Scary-movie-4-CZ.avi
2015-09-20 12:40 - 2015-09-20 13:59 - 734316543 _____ C:\Users\Admin\Downloads\Scary-Movie-3-cz.avi
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-19 19:04 - 2014-10-10 19:45 - 00000000 ____D C:\FRST
2015-10-19 19:04 - 2014-06-21 20:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2015-10-19 18:29 - 2008-01-21 03:35 - 01874940 _____ C:\Windows\WindowsUpdate.log
2015-10-19 12:11 - 2014-05-15 11:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-19 11:50 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-19 11:50 - 2006-11-02 14:47 - 00004192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-19 07:58 - 2008-01-21 08:47 - 01530430 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-19 07:50 - 2014-06-21 19:57 - 00000000 _____ C:\Windows\system32\sinstall.log
2015-10-19 07:50 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-18 22:51 - 2014-06-20 20:14 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-10-18 22:51 - 2006-11-02 15:01 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-18 22:45 - 2014-10-10 21:39 - 00000000 ____D C:\AdwCleaner
2015-10-18 18:57 - 2014-06-22 19:09 - 00000418 ____H C:\Windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job
2015-10-18 18:14 - 2014-06-07 13:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2015-10-17 21:12 - 2014-05-15 11:51 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-17 21:12 - 2014-05-15 11:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-17 12:42 - 2014-05-15 12:38 - 00000000 ____D C:\Users\Admin
2015-10-17 09:24 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-17 08:36 - 2014-06-21 20:00 - 00000000 ____D C:\ProgramData\Skype
2015-10-17 08:33 - 2014-05-15 11:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-17 08:33 - 2008-01-21 04:47 - 00191998 _____ C:\Windows\PFRO.log
2015-10-16 22:56 - 2014-05-15 13:54 - 00000000 ____D C:\Windows\system32\MRT
2015-10-16 22:53 - 2006-11-02 12:24 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-10-16 17:37 - 2014-08-15 20:35 - 00000000 ___RD C:\Filmy
2015-10-16 16:53 - 2006-11-02 14:52 - 00100016 _____ C:\Windows\setupact.log
2015-10-12 11:42 - 2014-05-15 12:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-12 11:36 - 2014-05-15 12:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-12 11:11 - 2014-05-15 12:38 - 00001356 _____ C:\Users\Admin\AppData\Local\d3d9caps.dat
2015-10-03 06:58 - 2014-05-15 12:08 - 00105080 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-10-03 06:58 - 2013-02-26 00:22 - 00028754 _____ C:\Windows\system32\nvinfo.pb
2015-10-03 04:22 - 2014-05-15 12:08 - 03937072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 02580088 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 00671536 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-10-03 04:22 - 2014-05-15 12:08 - 00374904 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-10-03 04:22 - 2014-05-15 12:08 - 00061744 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-29 16:48 - 2014-05-15 12:29 - 148229005 _____ C:\Windows\DUMP4327.tmp
2015-09-29 16:43 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-27 20:05 - 2014-05-29 19:42 - 00000000 ____D C:\Foto
2015-09-27 19:57 - 2014-08-03 20:42 - 00000000 ____D C:\Users\Admin\Desktop\ANI
2015-09-21 19:05 - 2014-12-15 00:11 - 00000000 ____D C:\Hudba
==================== Files in the root of some directories =======
2014-05-15 12:38 - 2015-10-12 11:11 - 0001356 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2014-06-22 19:08 - 2014-06-22 19:08 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-19 19:04 - 2015-10-19 19:04 - 0029696 _____ () C:\Users\Admin\AppData\Local\MSGBOX.EXE
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
C:\Users\Admin\AppData\Local\Temp\ochelper.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-19 08:06
==================== End of FRST.txt ============================
- Attachments
- Addition_Po_19_10.rar
- (6.57 KiB) Downloaded 49 times
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive log check - HDD constantly working
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1002\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Windows\DUMP4327.tmp
C:\Users\Admin\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 24
- Registered: 13 Aug 2013 21:20
Re: Preventive log check - HDD constantly working
Fix result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by Admin (2015-10-19 22:25:07) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & UpdatusUser (Available Profiles: Admin & UpdatusUser & Eliška & Anička)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1002\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Windows\DUMP4327.tmp
C:\Users\Admin\AppData\Local\Temp
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1003\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1002\User => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
C:\Windows\DUMP4327.tmp => moved successfully
"C:\Users\Admin\AppData\Local\Temp" folder move:
Could not move "C:\Users\Admin\AppData\Local\Temp" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-19 22:27:27)
C:\Users\Admin\AppData\Local\Temp => moved successfully
==== End of Fixlog 22:27:27 ====
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive log check - HDD constantly working
Deleted. Has anything changed?
-
- Visitor
- Posts: 24
- Registered: 13 Aug 2013 21:20
Re: Preventive log check - HDD constantly working
It seems to be calmer now; thanks for the check and the help.
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive log check - HDD constantly working
You're welcome!
