
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Side ad in FF, can't manage to remove it
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote-assistance service in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day. I have got my hands (via TeamViewer) on the PC of an acquaintance who is of an older generation, and even after running malwarebytes.org (533 detections) and AdwCleaner I cannot get rid of the sidebar ad "Related Search by Catered to You" in Firefox.
Please help; I am attaching the log.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Sumatra at 2015-11-19 15:32:23
Microsoft Windows 8.1
System drive C: has 769 GB (82%) free of 938 GB
Total RAM: 8131 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:28, on 19. 11. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Sumatra\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Sumatra.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Sumatra\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Sumatra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\windows\SysWOW64\ssins.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12050 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"C:\windows\system32\nvvsvc.exe"
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session -first
"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe"
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\windows\System32\svchost.exe -k utcsvc
dashost.exe {c7934ba9-b7e1-4f9f-97f95addce82c5ed}
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe"
C:\windows\SysWOW64\ssins.exe
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\windows\system32\svchost.exe -k WbioSvcGroup
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
taskhostex.exe
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe" -servicelaunch=true
"C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe"
"C:\windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files\IDT\WDM\Beats64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe" /hideui
"C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe"
"C:\Program Files\Hewlett-Packard\SimplePass\opbhobrokerdsktop.exe"
"c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe"
szndesktop.exe default start
"C:\Users\Sumatra\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\windows\system32\conhost.exe 0x4
"C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 548 560 568 65536 564
"C:\Users\Sumatra\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\HPCeeScheduleForSumatra.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForSumatra (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default
prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/|about:preferences"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll
C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\searchplugins\
seznam-avast.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24 662672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12 2134656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24 565304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12 1725056]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06 415032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats64.exe [2014-03-28 41664]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-18 1794904]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2014-03-28 1703424]
"SimplePass"=C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-03-28 3962936]
"OPBHOBroker"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-03-28 415288]
"OPBHOBrokerDesktop"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-03-28 415288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"cz.seznam.software.autoupdate"=C:\Users\Sumatra\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Sumatra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2010-12-22 3683456]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-10-14 48138880]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-06-26 5515496]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Device Detector"=DevDetect.exe -autorun []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-11-19 15:32:23 ----D---- C:\rsit
2015-11-19 15:32:23 ----D---- C:\Program Files\trend micro
2015-11-19 15:01:16 ----D---- C:\AdwCleaner
2015-11-19 14:14:25 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-19 14:14:09 ----D---- C:\ProgramData\Malwarebytes
2015-11-19 14:14:09 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 14:14:09 ----A---- C:\windows\system32\drivers\mwac.sys
2015-11-19 14:14:09 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2015-11-19 14:14:09 ----A---- C:\windows\system32\drivers\mbam.sys
2015-11-19 13:45:33 ----A---- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-19 13:43:37 ----D---- C:\Users\Sumatra\AppData\Roaming\MAGIX
2015-11-19 13:43:37 ----D---- C:\ProgramData\MAGIX
2015-11-17 18:21:54 ----A---- C:\windows\SYSWOW64\DLLDEV32i.dll
2015-11-16 17:44:13 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-11-11 15:50:32 ----A---- C:\windows\system32\drivers\tdx.sys
2015-11-11 15:50:32 ----A---- C:\windows\system32\drivers\afd.sys
2015-11-11 15:50:30 ----A---- C:\windows\SYSWOW64\kerberos.dll
2015-11-11 15:50:30 ----A---- C:\windows\system32\kerberos.dll
2015-11-11 15:50:25 ----A---- C:\windows\SYSWOW64\schannel.dll
2015-11-11 15:50:25 ----A---- C:\windows\SYSWOW64\ncryptsslp.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\schannel.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\ncryptsslp.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\ncrypt.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\lsasrv.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\bcryptprimitives.dll
2015-11-11 15:50:24 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2015-11-11 15:50:24 ----A---- C:\windows\SYSWOW64\certcli.dll
2015-11-11 15:50:24 ----A---- C:\windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\cng.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\certcli.dll
2015-11-11 15:49:54 ----A---- C:\windows\system32\AuthHost.exe
2015-11-11 15:49:52 ----A---- C:\windows\system32\ntoskrnl.exe
2015-11-11 15:49:51 ----A---- C:\windows\system32\winresume.exe
2015-11-11 15:49:51 ----A---- C:\windows\system32\winload.exe
2015-11-11 15:49:42 ----A---- C:\windows\SYSWOW64\untfs.dll
2015-11-11 15:49:41 ----A---- C:\windows\system32\untfs.dll
2015-11-11 15:49:40 ----A---- C:\windows\system32\drivers\tunnel.sys
2015-11-11 15:49:39 ----A---- C:\windows\system32\localspl.dll
2015-11-11 15:49:38 ----A---- C:\windows\SYSWOW64\puiobj.dll
2015-11-11 15:49:38 ----A---- C:\windows\system32\puiobj.dll
2015-11-11 15:49:35 ----A---- C:\windows\system32\drivers\tpm.sys
2015-11-11 15:49:34 ----A---- C:\windows\SYSWOW64\gdi32.dll
2015-11-11 15:49:34 ----A---- C:\windows\system32\gdi32.dll
2015-11-11 15:49:24 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-11-11 15:49:24 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuwebv.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\WUSettingsProvider.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wudriver.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wucltux.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuaueng.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuauclt.exe
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuapi.dll
2015-11-11 15:49:23 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-11-11 15:49:23 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-11-11 15:49:23 ----A---- C:\windows\system32\wuapp.exe
2015-11-11 15:48:30 ----A---- C:\windows\system32\mshtml.dll
2015-11-11 15:48:29 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-11-11 15:48:28 ----A---- C:\windows\system32\ieframe.dll
2015-11-11 15:48:26 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\wininet.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\urlmon.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\jscript9.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\jscript.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\iertutil.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\ie4uinit.exe
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\vbscript.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\msfeeds.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\inetcomm.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\ieapfltr.dll
2015-11-11 15:48:07 ----A---- C:\windows\system32\win32k.sys
2015-11-11 15:47:56 ----A---- C:\windows\SYSWOW64\nshwfp.dll
2015-11-11 15:47:56 ----A---- C:\windows\SYSWOW64\FWPUCLNT.DLL
2015-11-11 15:47:56 ----A---- C:\windows\system32\nshwfp.dll
2015-11-11 15:47:56 ----A---- C:\windows\system32\IKEEXT.DLL
2015-11-11 15:47:56 ----A---- C:\windows\system32\FWPUCLNT.DLL
2015-11-11 15:47:56 ----A---- C:\windows\system32\drivers\wfplwfs.sys
2015-11-11 15:47:56 ----A---- C:\windows\system32\BFE.DLL
2015-11-04 11:04:38 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2015-11-19 15:32:23 ----RD---- C:\Program Files
2015-11-19 15:25:03 ----D---- C:\windows\Prefetch
2015-11-19 15:23:06 ----D---- C:\windows\Temp
2015-11-19 15:15:13 ----D---- C:\Users\Sumatra\AppData\Roaming\Seznam.cz
2015-11-19 15:05:49 ----D---- C:\windows\system32\drivers
2015-11-19 15:04:56 ----D---- C:\windows\Tasks
2015-11-19 15:04:56 ----D---- C:\windows\system32\Tasks
2015-11-19 15:04:55 ----D---- C:\Windows
2015-11-19 15:04:54 ----HD---- C:\ProgramData
2015-11-19 15:04:53 ----RD---- C:\Program Files (x86)
2015-11-19 15:00:00 ----D---- C:\windows\system32\sru
2015-11-19 14:28:04 ----D---- C:\windows\CbsTemp
2015-11-19 14:27:37 ----D---- C:\ProgramData\ICQ
2015-11-19 14:03:19 ----RSD---- C:\windows\Fonts
2015-11-19 14:01:14 ----D---- C:\windows\Microsoft.NET
2015-11-19 13:45:28 ----SHD---- C:\System Volume Information
2015-11-19 13:00:07 ----D---- C:\windows\Inf
2015-11-18 16:10:32 ----RD---- C:\windows\System32
2015-11-18 15:28:23 ----D---- C:\windows\system32\config
2015-11-18 15:25:27 ----D---- C:\Users\Sumatra\AppData\Roaming\Skype
2015-11-17 18:22:17 ----D---- C:\KMPlayer
2015-11-17 18:21:54 ----D---- C:\windows\SysWOW64
2015-11-17 18:21:51 ----D---- C:\ProgramData\Package Cache
2015-11-17 18:18:31 ----D---- C:\Program Files (x86)\Common Files
2015-11-17 13:28:29 ----D---- C:\windows\system32\DriverStore
2015-11-17 13:28:22 ----D---- C:\windows\WinSxS
2015-11-17 13:27:53 ----RSD---- C:\windows\assembly
2015-11-16 17:42:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-15 23:07:39 ----RD---- C:\windows\ToastData
2015-11-15 23:07:37 ----D---- C:\windows\apppatch
2015-11-15 23:06:44 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-11-15 22:07:25 ----D---- C:\windows\system32\MRT
2015-11-15 22:04:16 ----A---- C:\windows\system32\MRT.exe
2015-11-12 15:25:58 ----HD---- C:\Program Files\WindowsApps
2015-11-12 15:25:58 ----D---- C:\windows\AppReadiness
2015-11-11 15:45:46 ----D---- C:\windows\system32\catroot2
2015-11-01 21:50:40 ----D---- C:\ProgramData\Hewlett-Packard
2015-10-31 22:09:52 ----SHD---- C:\windows\Installer
2015-10-31 15:30:40 ----D---- C:\ProgramData\Skype
2015-10-23 20:21:38 ----RD---- C:\Program Files (x86)\Skype
2015-10-22 21:41:37 ----D---- C:\windows\system32\catroot
2015-10-22 21:41:31 ----SD---- C:\windows\system32\CompatTel
2015-10-22 21:41:31 ----D---- C:\windows\system32\appraiser
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2015-06-24 65736]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2015-06-24 272248]
R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2014-04-01 644968]
R0 RapportHades64;RapportHades64; C:\windows\System32\Drivers\RapportHades64.sys [2015-08-04 139896]
R0 RapportKE64;RapportKE64; C:\windows\System32\Drivers\RapportKE64.sys [2015-08-04 394584]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2015-06-24 93528]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2015-06-24 1047320]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2015-06-26 442264]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2013-11-12 91912]
R1 RapportCerberus_1507065;RapportCerberus_1507065; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [2015-09-09 958744]
R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-08-04 500184]
R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-08-04 489240]
R1 SpyEmrg;Spy Emergency Driver; C:\windows\System32\Drivers\spyemrg.sys [2009-09-17 15416]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2015-06-24 29168]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2015-06-24 89944]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2015-06-24 137288]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MEIx64;@oem15.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\System32\drivers\TeeDriverx64.sys [2014-03-31 99288]
R3 NVHDA;@oem17.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvlddmkm;nvlddmkm; C:\windows\system32\DRIVERS\nvlddmkm.sys [2014-05-18 12352288]
R3 RSUSBSTOR;@oem54.inf,%RSUSBSTOR.SvcDesc%;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2015-02-10 272088]
R3 RTL8168;@oem50.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2014-05-24 870104]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\windows\System32\Drivers\spyemrg_guard.sys [2009-09-17 16952]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2014-03-28 551936]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 AmUStor;@oem51.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\windows\system32\drivers\AmUStor.SYS []
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2015-10-05 64216]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\windows\System32\Drivers\spyemrg_access.sys [2009-09-17 22584]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2014-10-29 38792]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-24 343336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-09-28 25800]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-03-31 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-03-31 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-03-31 390616]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2014-05-18 924960]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2014-03-28 88064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-08-04 2255128]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 3628672]
R2 ssinstall;SInstalátor; C:\windows\SysWOW64\ssins.exe [2015-01-25 2324216]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2014-03-28 340480]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2015-06-24 5097232]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2015-04-28 1102472]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10 269000]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\windows\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-05-20 194032]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-11 822232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-04 147624]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\windows\system32\svchost.exe [2014-10-29 38792]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06 415032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats64.exe [2014-03-28 41664]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-18 1794904]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2014-03-28 1703424]
"SimplePass"=C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-03-28 3962936]
"OPBHOBroker"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-03-28 415288]
"OPBHOBrokerDesktop"=C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-03-28 415288]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"cz.seznam.software.autoupdate"=C:\Users\Sumatra\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Sumatra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2010-12-22 3683456]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-10-14 48138880]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-06-26 5515496]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Device Detector"=DevDetect.exe -autorun []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-11-19 15:32:23 ----D---- C:\rsit
2015-11-19 15:32:23 ----D---- C:\Program Files\trend micro
2015-11-19 15:01:16 ----D---- C:\AdwCleaner
2015-11-19 14:14:25 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-19 14:14:09 ----D---- C:\ProgramData\Malwarebytes
2015-11-19 14:14:09 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 14:14:09 ----A---- C:\windows\system32\drivers\mwac.sys
2015-11-19 14:14:09 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2015-11-19 14:14:09 ----A---- C:\windows\system32\drivers\mbam.sys
2015-11-19 13:45:33 ----A---- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-19 13:43:37 ----D---- C:\Users\Sumatra\AppData\Roaming\MAGIX
2015-11-19 13:43:37 ----D---- C:\ProgramData\MAGIX
2015-11-17 18:21:54 ----A---- C:\windows\SYSWOW64\DLLDEV32i.dll
2015-11-16 17:44:13 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-11-11 15:50:32 ----A---- C:\windows\system32\drivers\tdx.sys
2015-11-11 15:50:32 ----A---- C:\windows\system32\drivers\afd.sys
2015-11-11 15:50:30 ----A---- C:\windows\SYSWOW64\kerberos.dll
2015-11-11 15:50:30 ----A---- C:\windows\system32\kerberos.dll
2015-11-11 15:50:25 ----A---- C:\windows\SYSWOW64\schannel.dll
2015-11-11 15:50:25 ----A---- C:\windows\SYSWOW64\ncryptsslp.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\schannel.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\ncryptsslp.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\ncrypt.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\lsasrv.dll
2015-11-11 15:50:25 ----A---- C:\windows\system32\bcryptprimitives.dll
2015-11-11 15:50:24 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2015-11-11 15:50:24 ----A---- C:\windows\SYSWOW64\certcli.dll
2015-11-11 15:50:24 ----A---- C:\windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\drivers\cng.sys
2015-11-11 15:50:24 ----A---- C:\windows\system32\certcli.dll
2015-11-11 15:49:54 ----A---- C:\windows\system32\AuthHost.exe
2015-11-11 15:49:52 ----A---- C:\windows\system32\ntoskrnl.exe
2015-11-11 15:49:51 ----A---- C:\windows\system32\winresume.exe
2015-11-11 15:49:51 ----A---- C:\windows\system32\winload.exe
2015-11-11 15:49:42 ----A---- C:\windows\SYSWOW64\untfs.dll
2015-11-11 15:49:41 ----A---- C:\windows\system32\untfs.dll
2015-11-11 15:49:40 ----A---- C:\windows\system32\drivers\tunnel.sys
2015-11-11 15:49:39 ----A---- C:\windows\system32\localspl.dll
2015-11-11 15:49:38 ----A---- C:\windows\SYSWOW64\puiobj.dll
2015-11-11 15:49:38 ----A---- C:\windows\system32\puiobj.dll
2015-11-11 15:49:35 ----A---- C:\windows\system32\drivers\tpm.sys
2015-11-11 15:49:34 ----A---- C:\windows\SYSWOW64\gdi32.dll
2015-11-11 15:49:34 ----A---- C:\windows\system32\gdi32.dll
2015-11-11 15:49:24 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-11-11 15:49:24 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuwebv.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\WUSettingsProvider.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wudriver.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wucltux.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuaueng.dll
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuauclt.exe
2015-11-11 15:49:24 ----A---- C:\windows\system32\wuapi.dll
2015-11-11 15:49:23 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-11-11 15:49:23 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-11-11 15:49:23 ----A---- C:\windows\system32\wuapp.exe
2015-11-11 15:48:30 ----A---- C:\windows\system32\mshtml.dll
2015-11-11 15:48:29 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-11-11 15:48:28 ----A---- C:\windows\system32\ieframe.dll
2015-11-11 15:48:26 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-11-11 15:48:25 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\wininet.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\urlmon.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\jscript9.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\jscript.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\iertutil.dll
2015-11-11 15:48:25 ----A---- C:\windows\system32\ie4uinit.exe
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\inetcomm.dll
2015-11-11 15:48:24 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\vbscript.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\msfeeds.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\inetcomm.dll
2015-11-11 15:48:24 ----A---- C:\windows\system32\ieapfltr.dll
2015-11-11 15:48:07 ----A---- C:\windows\system32\win32k.sys
2015-11-11 15:47:56 ----A---- C:\windows\SYSWOW64\nshwfp.dll
2015-11-11 15:47:56 ----A---- C:\windows\SYSWOW64\FWPUCLNT.DLL
2015-11-11 15:47:56 ----A---- C:\windows\system32\nshwfp.dll
2015-11-11 15:47:56 ----A---- C:\windows\system32\IKEEXT.DLL
2015-11-11 15:47:56 ----A---- C:\windows\system32\FWPUCLNT.DLL
2015-11-11 15:47:56 ----A---- C:\windows\system32\drivers\wfplwfs.sys
2015-11-11 15:47:56 ----A---- C:\windows\system32\BFE.DLL
2015-11-04 11:04:38 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2015-11-19 15:32:23 ----RD---- C:\Program Files
2015-11-19 15:25:03 ----D---- C:\windows\Prefetch
2015-11-19 15:23:06 ----D---- C:\windows\Temp
2015-11-19 15:15:13 ----D---- C:\Users\Sumatra\AppData\Roaming\Seznam.cz
2015-11-19 15:05:49 ----D---- C:\windows\system32\drivers
2015-11-19 15:04:56 ----D---- C:\windows\Tasks
2015-11-19 15:04:56 ----D---- C:\windows\system32\Tasks
2015-11-19 15:04:55 ----D---- C:\Windows
2015-11-19 15:04:54 ----HD---- C:\ProgramData
2015-11-19 15:04:53 ----RD---- C:\Program Files (x86)
2015-11-19 15:00:00 ----D---- C:\windows\system32\sru
2015-11-19 14:28:04 ----D---- C:\windows\CbsTemp
2015-11-19 14:27:37 ----D---- C:\ProgramData\ICQ
2015-11-19 14:03:19 ----RSD---- C:\windows\Fonts
2015-11-19 14:01:14 ----D---- C:\windows\Microsoft.NET
2015-11-19 13:45:28 ----SHD---- C:\System Volume Information
2015-11-19 13:00:07 ----D---- C:\windows\Inf
2015-11-18 16:10:32 ----RD---- C:\windows\System32
2015-11-18 15:28:23 ----D---- C:\windows\system32\config
2015-11-18 15:25:27 ----D---- C:\Users\Sumatra\AppData\Roaming\Skype
2015-11-17 18:22:17 ----D---- C:\KMPlayer
2015-11-17 18:21:54 ----D---- C:\windows\SysWOW64
2015-11-17 18:21:51 ----D---- C:\ProgramData\Package Cache
2015-11-17 18:18:31 ----D---- C:\Program Files (x86)\Common Files
2015-11-17 13:28:29 ----D---- C:\windows\system32\DriverStore
2015-11-17 13:28:22 ----D---- C:\windows\WinSxS
2015-11-17 13:27:53 ----RSD---- C:\windows\assembly
2015-11-16 17:42:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-15 23:07:39 ----RD---- C:\windows\ToastData
2015-11-15 23:07:37 ----D---- C:\windows\apppatch
2015-11-15 23:06:44 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-11-15 22:07:25 ----D---- C:\windows\system32\MRT
2015-11-15 22:04:16 ----A---- C:\windows\system32\MRT.exe
2015-11-12 15:25:58 ----HD---- C:\Program Files\WindowsApps
2015-11-12 15:25:58 ----D---- C:\windows\AppReadiness
2015-11-11 15:45:46 ----D---- C:\windows\system32\catroot2
2015-11-01 21:50:40 ----D---- C:\ProgramData\Hewlett-Packard
2015-10-31 22:09:52 ----SHD---- C:\windows\Installer
2015-10-31 15:30:40 ----D---- C:\ProgramData\Skype
2015-10-23 20:21:38 ----RD---- C:\Program Files (x86)\Skype
2015-10-22 21:41:37 ----D---- C:\windows\system32\catroot
2015-10-22 21:41:31 ----SD---- C:\windows\system32\CompatTel
2015-10-22 21:41:31 ----D---- C:\windows\system32\appraiser
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2015-06-24 65736]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2015-06-24 272248]
R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2014-04-01 644968]
R0 RapportHades64;RapportHades64; C:\windows\System32\Drivers\RapportHades64.sys [2015-08-04 139896]
R0 RapportKE64;RapportKE64; C:\windows\System32\Drivers\RapportKE64.sys [2015-08-04 394584]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2015-06-24 93528]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2015-06-24 1047320]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2015-06-26 442264]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2013-11-12 91912]
R1 RapportCerberus_1507065;RapportCerberus_1507065; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [2015-09-09 958744]
R1 RapportEI64;RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-08-04 500184]
R1 RapportPG64;RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-08-04 489240]
R1 SpyEmrg;Spy Emergency Driver; C:\windows\System32\Drivers\spyemrg.sys [2009-09-17 15416]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2015-06-24 29168]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2015-06-24 89944]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2015-06-24 137288]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MEIx64;@oem15.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\System32\drivers\TeeDriverx64.sys [2014-03-31 99288]
R3 NVHDA;@oem17.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvlddmkm;nvlddmkm; C:\windows\system32\DRIVERS\nvlddmkm.sys [2014-05-18 12352288]
R3 RSUSBSTOR;@oem54.inf,%RSUSBSTOR.SvcDesc%;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2015-02-10 272088]
R3 RTL8168;@oem50.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2014-05-24 870104]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\windows\System32\Drivers\spyemrg_guard.sys [2009-09-17 16952]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\windows\system32\DRIVERS\stwrt64.sys [2014-03-28 551936]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 AmUStor;@oem51.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\windows\system32\drivers\AmUStor.SYS []
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2015-10-05 64216]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\windows\System32\Drivers\spyemrg_access.sys [2009-09-17 22584]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2013-08-22 44544]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\windows\system32\svchost.exe [2014-10-29 38792]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-24 343336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-09-28 25800]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-11 733696]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-03-31 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-03-31 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-03-31 390616]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2014-05-18 924960]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2014-03-28 88064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2014-10-29 38792]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-08-04 2255128]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 3628672]
R2 ssinstall;SInstalátor; C:\windows\SysWOW64\ssins.exe [2015-01-25 2324216]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2014-03-28 340480]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2015-06-24 5097232]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2015-04-28 1102472]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10 269000]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\windows\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2015-05-20 194032]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-11 822232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-04 147624]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\windows\system32\svchost.exe [2014-10-29 38792]
-----------------EOF-----------------
Re: Side ad in FF, unable to remove it
A lovely day to you
Uninstall
As part of the cleaning, your temporary directories will be emptied (including the Recycle Bin).
Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
- Skype Click to Call - adware from the Skype installation http://forum.viry.cz/viewtopic.php?p=1374439#p1374439
- Seznam Software - if you do not use it, because it is very often installed as adware
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
Re: Side ad in FF, unable to remove it
Both applications uninstalled.
Then FRST was run. Strange that it told me it is not for my version of the system, even though it is 64-bit on Win 8 and I run it as administrator.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Sumatra (administrator) on ZAPRTEK (19-11-2015 16:21:48)
Running from C:\Users\Sumatra\Downloads
Loaded Profiles: Sumatra (Available Profiles: Sumatra)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ACD Systems, Ltd.) C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\Sumatra\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Hewlett-Packard )
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794904 2014-05-18] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-26] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [3683456 2010-12-22] (NETGATE Technologies s.r.o.)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\RunOnce: [SeznamInstall-uninstall:55eaa7102b9163674249007fd4d9d91d] => C:\Users\Sumatra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2015-11-19] () <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{34800827-E286-4B6D-A1B2-1992268112A3}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.seznam.cz/?clid=22668
URLSearchHook: [S-1-5-21-3991480556-1381850406-516042308-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {30DE98EA-9936-49D0-8F33-734A7C3A2959} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {30DE98EA-9936-49D0-8F33-734A7C3A2959} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> DefaultScope {416B884D-D176-4B3F-8F74-1B37A5AD0496} URL =
SearchScopes: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Homepage: hxxps://www.seznam.cz/
about:preferences
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\searchplugins\seznam-avast.xml [2015-03-20]
FF Extension: musixlib - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\jid1-lpoiffmusixlib@jetpack.xpi [2015-09-30]
FF Extension: Catered to You - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi [2015-11-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-24] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Dokumenty Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-26]
CHR Extension: (Disk Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-26]
CHR Extension: (Rapport) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-26]
CHR Extension: (YouTube) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-26]
CHR Extension: (Avast SafePrice) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-26]
CHR Extension: (Tabulky Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avast Online Security) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-24]
CHR Extension: (Peněženka Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKU\S-1-5-21-3991480556-1381850406-516042308-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-31] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3628672 2010-09-30] (NETGATE Technologies s.r.o.)
R2 ssinstall; C:\windows\SysWOW64\ssins.exe [2324216 2015-01-25] (PS Media s.r.o.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 w3logsvc; C:\windows\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2014-03-31] (Intel Corporation)
R1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [958744 2015-09-09] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-08-04] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-08-04] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-08-04] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-08-04] (IBM Corp.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [15416 2009-09-17] (NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [22584 2009-09-17] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [16952 2009-09-17] (NETGATE Technologies s.r.o.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 16:21 - 2015-11-19 16:21 - 00021806 _____ C:\Users\Sumatra\Downloads\FRST.txt
2015-11-19 16:20 - 2015-11-19 16:20 - 02008576 _____ (Farbar) C:\Users\Sumatra\Downloads\FRST64(1).exe
2015-11-19 16:00 - 2015-11-19 16:21 - 00000000 ____D C:\FRST
2015-11-19 15:57 - 2015-11-19 15:57 - 02008576 _____ (Farbar) C:\Users\Sumatra\Downloads\FRST64.exe
2015-11-19 15:32 - 2015-11-19 15:32 - 01222144 _____ C:\Users\Sumatra\Downloads\RSITx64.exe
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\rsit
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\Program Files\trend micro
2015-11-19 15:01 - 2015-11-19 15:04 - 00000000 ____D C:\AdwCleaner
2015-11-19 15:00 - 2015-11-19 15:00 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021(1).exe
2015-11-19 14:59 - 2015-11-19 14:59 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021.exe
2015-11-19 14:28 - 2015-11-19 14:28 - 00001166 _____ C:\Users\Sumatra\Documents\Odstraneno_hrozeb_malwarebytes.txt
2015-11-19 14:14 - 2015-11-19 14:14 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 14:14 - 2015-11-19 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-19 14:14 - 2015-11-19 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-19 14:14 - 2015-11-19 14:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 14:14 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-19 14:14 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-11-19 14:14 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-11-19 14:13 - 2015-11-19 14:13 - 22908888 _____ (Malwarebytes ) C:\Users\Sumatra\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-19 14:03 - 2015-11-19 14:28 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2015-11-19 14:03 - 2015-11-19 14:28 - 00001107 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2015-11-19 13:45 - 2015-11-19 13:45 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-19 13:44 - 2015-11-19 13:44 - 00000000 ____D C:\Users\Sumatra\AppData\Local\Sparta
2015-11-19 13:43 - 2015-11-19 13:43 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\MAGIX
2015-11-19 13:43 - 2015-11-19 13:43 - 00000000 ____D C:\ProgramData\MAGIX
2015-11-18 16:05 - 2015-11-18 16:05 - 00772016 _____ (Reimage®) C:\Users\Sumatra\Downloads\ReimageRepair.exe
2015-11-17 18:21 - 2015-05-06 16:54 - 00120200 _____ () C:\windows\SysWOW64\DLLDEV32i.dll
2015-11-17 13:35 - 2015-11-17 17:57 - 948742874 _____ C:\Users\Sumatra\Downloads\Podezreni-(1990)-krimi,H.Ford,B.Dennehy,R.Julia,CZ-dab,DTVMir,120'.avi
2015-11-16 17:44 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-16 17:44 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-15 22:56 - 2015-11-17 13:25 - 1218999814 _____ C:\Users\Sumatra\Downloads\Maléna-cz-(2000).avi
2015-11-15 22:05 - 2015-11-15 22:49 - 800585728 _____ C:\Users\Sumatra\Downloads\Dveře-v-podlaze=2004-Drama-Kim-Besinger-DVDrip-CZ.avi
2015-11-11 15:50 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 15:50 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 15:50 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 15:50 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 15:50 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 15:50 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 15:50 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 15:50 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 15:50 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 15:50 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 15:50 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 15:50 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 15:50 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 15:50 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 15:50 - 2015-09-12 14:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 15:49 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 15:49 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 15:49 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 15:49 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 15:49 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 15:49 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 15:49 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 15:49 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 15:49 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 15:49 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 15:49 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 15:49 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 15:49 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 15:49 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 15:49 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 15:49 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 15:49 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 15:49 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 15:49 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 15:49 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 15:49 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 15:49 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 15:49 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 15:49 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 15:49 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 15:49 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 15:49 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 15:48 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 15:48 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 15:48 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 15:48 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 15:48 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 15:48 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 15:48 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 15:48 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 15:48 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 15:48 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 15:48 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 15:48 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 15:48 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 15:48 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 15:48 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 15:48 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 15:48 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 15:48 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 15:48 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 15:48 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 15:48 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 15:48 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 15:48 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 15:48 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 15:47 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 15:47 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 15:47 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 15:47 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 15:47 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 15:47 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 15:47 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-04 11:04 - 2015-11-16 17:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 16:20 - 2015-01-24 03:33 - 01555094 _____ C:\windows\WindowsUpdate.log
2015-11-19 16:18 - 2015-01-25 20:28 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\Seznam.cz
2015-11-19 16:17 - 2015-04-21 15:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-19 16:17 - 2015-01-25 20:28 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-11-19 16:10 - 2015-01-24 03:39 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3991480556-1381850406-516042308-1001
2015-11-19 16:00 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
2015-11-19 15:43 - 2015-01-25 20:44 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-19 15:38 - 2015-05-20 19:46 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 15:09 - 2015-05-20 19:46 - 00000972 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 15:06 - 2015-01-25 20:28 - 00000000 _____ C:\windows\SysWOW64\sinstall.log
2015-11-19 15:06 - 2013-08-22 15:46 - 00031108 _____ C:\windows\setupact.log
2015-11-19 15:06 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-19 15:06 - 2013-08-22 15:44 - 00524624 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-19 15:05 - 2014-03-18 09:19 - 00256116 _____ C:\windows\PFRO.log
2015-11-19 15:05 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-19 15:05 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-19 14:28 - 2015-08-14 15:21 - 00002240 _____ C:\Users\Sumatra\Desktop\HP Support Assistant.lnk
2015-11-19 14:28 - 2015-05-30 17:20 - 00000972 _____ C:\Users\Public\Desktop\Spy Emergency.lnk
2015-11-19 14:28 - 2015-05-10 16:30 - 00001344 _____ C:\Users\Sumatra\Desktop\PDFMate PDF Converter Professional.lnk
2015-11-19 14:28 - 2015-05-10 16:21 - 00001258 _____ C:\Users\Sumatra\Desktop\PDFMate PDF Converter.lnk
2015-11-19 14:28 - 2015-04-21 15:39 - 00002741 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-19 14:28 - 2015-04-12 16:45 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-19 14:28 - 2015-04-12 16:45 - 00001160 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-19 14:28 - 2015-03-20 10:27 - 00002180 _____ C:\Users\Sumatra\Desktop\Deep Fritz 12 DL.lnk
2015-11-19 14:28 - 2015-03-18 10:28 - 00001320 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2015-11-19 14:28 - 2015-02-11 11:01 - 00000998 _____ C:\Users\Public\Desktop\Arena.lnk
2015-11-19 14:28 - 2015-02-04 14:33 - 00002863 _____ C:\Users\Public\Desktop\ACDSee 7.0.lnk
2015-11-19 14:28 - 2015-01-25 20:34 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-19 14:28 - 2015-01-25 20:34 - 00002040 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-11-19 14:28 - 2015-01-25 20:34 - 00001011 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-19 14:28 - 2015-01-24 16:40 - 00002105 _____ C:\Users\Public\Desktop\Video Search.lnk
2015-11-19 14:28 - 2015-01-24 16:40 - 00001203 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-11-19 14:28 - 2015-01-24 15:38 - 00001837 _____ C:\Users\Public\Desktop\ICQ6.5.lnk
2015-11-19 14:28 - 2015-01-24 15:24 - 00002025 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-19 14:28 - 2015-01-24 15:08 - 00002737 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2015-11-19 14:28 - 2015-01-24 15:04 - 00000647 _____ C:\Users\Sumatra\Desktop\Total Commander.lnk
2015-11-19 14:28 - 2015-01-24 15:02 - 00001697 _____ C:\Users\Sumatra\Desktop\WINWORD.lnk
2015-11-19 14:28 - 2015-01-24 15:01 - 00001677 _____ C:\Users\Sumatra\Desktop\EXCEL.lnk
2015-11-19 14:28 - 2015-01-24 03:36 - 00000436 _____ C:\Users\Sumatra\Desktop\Tento počítač.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00001429 _____ C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00001318 _____ C:\Users\Public\Desktop\TripAdvisor.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00000469 _____ C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00000467 _____ C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-19 14:28 - 2014-12-27 01:52 - 00002044 _____ C:\Users\Public\Desktop\Connected Photo.lnk
2015-11-19 14:28 - 2014-12-27 01:52 - 00001977 _____ C:\Users\Public\Desktop\Connected Music.lnk
2015-11-19 14:28 - 2014-12-27 01:39 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-19 14:27 - 2015-01-24 15:16 - 00000000 ____D C:\ProgramData\ICQ
2015-11-18 15:37 - 2015-01-25 15:32 - 00003174 _____ C:\windows\System32\Tasks\HPCeeScheduleForSumatra
2015-11-18 15:37 - 2015-01-25 15:32 - 00000356 _____ C:\windows\Tasks\HPCeeScheduleForSumatra.job
2015-11-18 15:37 - 2015-01-24 14:29 - 00000000 ____D C:\Users\Sumatra\AppData\Local\Hewlett-Packard
2015-11-18 15:25 - 2015-04-21 10:53 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\Skype
2015-11-17 18:21 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-16 17:42 - 2015-04-12 16:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-15 23:07 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2015-11-15 23:06 - 2014-12-27 10:15 - 00723190 _____ C:\windows\system32\perfh005.dat
2015-11-15 23:06 - 2014-12-27 10:15 - 00166518 _____ C:\windows\system32\perfc005.dat
2015-11-15 23:06 - 2014-03-18 16:32 - 01745372 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-15 22:27 - 2015-01-25 15:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-11-15 22:07 - 2015-01-26 12:33 - 00000000 ____D C:\windows\system32\MRT
2015-11-15 22:04 - 2015-01-26 12:33 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-12 15:48 - 2015-01-26 15:45 - 00000000 ____D C:\Users\Sumatra\Documents\dokumenty-archiv
2015-11-12 15:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-10 20:43 - 2015-01-25 20:44 - 00003802 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-01 21:50 - 2014-12-27 01:38 - 00000000 ____D C:\windows\System32\Tasks\Hewlett-Packard
2015-11-01 21:50 - 2014-12-27 01:38 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-10-31 22:09 - 2015-07-30 08:17 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 15:30 - 2015-04-21 10:53 - 00000000 ____D C:\ProgramData\Skype
2015-10-22 21:41 - 2015-04-16 18:44 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-22 21:41 - 2015-04-16 18:44 - 00000000 ____D C:\windows\system32\appraiser
==================== Files in the root of some directories =======
2015-03-10 15:47 - 2002-05-16 18:05 - 0054784 _____ () C:\Program Files (x86)\Accuclck.exe
2015-03-10 15:47 - 2014-01-01 22:25 - 3751936 _____ () C:\Program Files (x86)\Arena.exe
2015-03-10 15:47 - 2014-01-01 21:10 - 0002269 _____ () C:\Program Files (x86)\bundle.ini
2015-03-10 15:47 - 2012-12-27 00:43 - 0002641 _____ () C:\Program Files (x86)\countries.cfg
2015-03-10 15:47 - 2007-11-09 17:20 - 1219586 _____ () C:\Program Files (x86)\ecocodes7.txt
2015-03-10 15:47 - 2011-01-12 20:24 - 1083796 _____ () C:\Program Files (x86)\ecocodes9.txt
2015-03-10 15:47 - 2013-12-30 20:36 - 0173788 _____ () C:\Program Files (x86)\engines.ini
2015-03-10 15:47 - 1998-06-17 08:22 - 0187392 _____ () C:\Program Files (x86)\LPng.dll
2015-03-10 15:47 - 2003-05-14 16:23 - 0000046 _____ () C:\Program Files (x86)\my.txt
2015-03-10 15:47 - 1998-06-10 01:22 - 0048640 _____ () C:\Program Files (x86)\Timeseal.exe
2015-03-10 15:47 - 2001-12-09 12:27 - 0052736 _____ () C:\Program Files (x86)\Timestamp.exe
2015-03-10 15:47 - 2015-03-10 15:47 - 0028565 _____ () C:\Program Files (x86)\unins000.dat
2015-03-10 15:47 - 2015-03-10 15:40 - 0718497 _____ () C:\Program Files (x86)\unins000.exe
2015-11-19 13:45 - 2015-11-19 13:45 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Files to move or delete:
====================
C:\Users\Sumatra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Some files in TEMP:
====================
C:\Users\Sumatra\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Sumatra\AppData\Local\Temp\sqlite3.dll
C:\Users\Sumatra\AppData\Local\Temp\sqlite3.exe
C:\Users\Sumatra\AppData\Local\Temp\{43A7537F-E35E-4A27-A26F-EE334BA14079}.dll
C:\Users\Sumatra\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-19 13:59
==================== End of FRST.txt ============================
Then I ran FRST. Strange that it told me it isn't for my version of the system, even though it's 64-bit on Win 8 and I run it as administrator.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Sumatra (administrator) on ZAPRTEK (19-11-2015 16:21:48)
Running from C:\Users\Sumatra\Downloads
Loaded Profiles: Sumatra (Available Profiles: Sumatra)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ACD Systems, Ltd.) C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\Sumatra\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-03-28] (Hewlett-Packard )
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794904 2014-05-18] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-03-28] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-26] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Device Detector] => DevDetect.exe -autorun
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [3683456 2010-12-22] (NETGATE Technologies s.r.o.)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\RunOnce: [SeznamInstall-uninstall:55eaa7102b9163674249007fd4d9d91d] => C:\Users\Sumatra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2015-11-19] () <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{34800827-E286-4B6D-A1B2-1992268112A3}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPDTDFJS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.seznam.cz/?clid=22668
URLSearchHook: [S-1-5-21-3991480556-1381850406-516042308-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {30DE98EA-9936-49D0-8F33-734A7C3A2959} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {30DE98EA-9936-49D0-8F33-734A7C3A2959} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> DefaultScope {416B884D-D176-4B3F-8F74-1B37A5AD0496} URL =
SearchScopes: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Homepage: hxxps://www.seznam.cz/
about:preferences
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-31] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\searchplugins\seznam-avast.xml [2015-03-20]
FF Extension: musixlib - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\jid1-lpoiffmusixlib@jetpack.xpi [2015-09-30]
FF Extension: Catered to You - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi [2015-11-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-24] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-24]
CHR Extension: (Dokumenty Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-26]
CHR Extension: (Disk Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-26]
CHR Extension: (Rapport) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-26]
CHR Extension: (YouTube) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-26]
CHR Extension: (Avast SafePrice) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-26]
CHR Extension: (Tabulky Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-24]
CHR Extension: (Avast Online Security) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-24]
CHR Extension: (Peněženka Google) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-24]
CHR Extension: (Gmail) - C:\Users\Sumatra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-24]
CHR HKU\S-1-5-21-3991480556-1381850406-516042308-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-31] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SpyEmrgSrv; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [3628672 2010-09-30] (NETGATE Technologies s.r.o.)
R2 ssinstall; C:\windows\SysWOW64\ssins.exe [2324216 2015-01-25] (PS Media s.r.o.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-03-28] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 w3logsvc; C:\windows\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2014-03-31] (Intel Corporation)
R1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507065.sys [958744 2015-09-09] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-08-04] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-08-04] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-08-04] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-08-04] (IBM Corp.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [15416 2009-09-17] (NETGATE Technologies s.r.o.)
S3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [22584 2009-09-17] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [16952 2009-09-17] (NETGATE Technologies s.r.o.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 16:21 - 2015-11-19 16:21 - 00021806 _____ C:\Users\Sumatra\Downloads\FRST.txt
2015-11-19 16:20 - 2015-11-19 16:20 - 02008576 _____ (Farbar) C:\Users\Sumatra\Downloads\FRST64(1).exe
2015-11-19 16:00 - 2015-11-19 16:21 - 00000000 ____D C:\FRST
2015-11-19 15:57 - 2015-11-19 15:57 - 02008576 _____ (Farbar) C:\Users\Sumatra\Downloads\FRST64.exe
2015-11-19 15:32 - 2015-11-19 15:32 - 01222144 _____ C:\Users\Sumatra\Downloads\RSITx64.exe
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\rsit
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\Program Files\trend micro
2015-11-19 15:01 - 2015-11-19 15:04 - 00000000 ____D C:\AdwCleaner
2015-11-19 15:00 - 2015-11-19 15:00 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021(1).exe
2015-11-19 14:59 - 2015-11-19 14:59 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021.exe
2015-11-19 14:28 - 2015-11-19 14:28 - 00001166 _____ C:\Users\Sumatra\Documents\Odstraneno_hrozeb_malwarebytes.txt
2015-11-19 14:14 - 2015-11-19 14:14 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 14:14 - 2015-11-19 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-19 14:14 - 2015-11-19 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-19 14:14 - 2015-11-19 14:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-19 14:14 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-19 14:14 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-11-19 14:14 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-11-19 14:13 - 2015-11-19 14:13 - 22908888 _____ (Malwarebytes ) C:\Users\Sumatra\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-19 14:03 - 2015-11-19 14:28 - 00001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2015-11-19 14:03 - 2015-11-19 14:28 - 00001107 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2015-11-19 13:45 - 2015-11-19 13:45 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-19 13:44 - 2015-11-19 13:44 - 00000000 ____D C:\Users\Sumatra\AppData\Local\Sparta
2015-11-19 13:43 - 2015-11-19 13:43 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\MAGIX
2015-11-19 13:43 - 2015-11-19 13:43 - 00000000 ____D C:\ProgramData\MAGIX
2015-11-18 16:05 - 2015-11-18 16:05 - 00772016 _____ (Reimage®) C:\Users\Sumatra\Downloads\ReimageRepair.exe
2015-11-17 18:21 - 2015-05-06 16:54 - 00120200 _____ () C:\windows\SysWOW64\DLLDEV32i.dll
2015-11-17 13:35 - 2015-11-17 17:57 - 948742874 _____ C:\Users\Sumatra\Downloads\Podezreni-(1990)-krimi,H.Ford,B.Dennehy,R.Julia,CZ-dab,DTVMir,120'.avi
2015-11-16 17:44 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-16 17:44 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-15 22:56 - 2015-11-17 13:25 - 1218999814 _____ C:\Users\Sumatra\Downloads\Maléna-cz-(2000).avi
2015-11-15 22:05 - 2015-11-15 22:49 - 800585728 _____ C:\Users\Sumatra\Downloads\Dveře-v-podlaze=2004-Drama-Kim-Besinger-DVDrip-CZ.avi
2015-11-11 15:50 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 15:50 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 15:50 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 15:50 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 15:50 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 15:50 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 15:50 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 15:50 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 15:50 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 15:50 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 15:50 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 15:50 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 15:50 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 15:50 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 15:50 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 15:50 - 2015-09-12 14:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 15:49 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 15:49 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 15:49 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 15:49 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 15:49 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 15:49 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 15:49 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 15:49 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 15:49 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 15:49 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 15:49 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 15:49 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 15:49 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 15:49 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 15:49 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 15:49 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 15:49 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 15:49 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 15:49 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 15:49 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 15:49 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 15:49 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 15:49 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 15:49 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 15:49 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 15:49 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 15:49 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 15:48 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 15:48 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 15:48 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 15:48 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 15:48 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 15:48 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 15:48 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 15:48 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 15:48 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 15:48 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 15:48 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 15:48 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 15:48 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 15:48 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 15:48 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 15:48 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 15:48 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 15:48 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 15:48 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 15:48 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 15:48 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 15:48 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 15:48 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 15:48 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 15:47 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 15:47 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 15:47 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 15:47 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 15:47 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 15:47 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 15:47 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-04 11:04 - 2015-11-16 17:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-19 16:20 - 2015-01-24 03:33 - 01555094 _____ C:\windows\WindowsUpdate.log
2015-11-19 16:18 - 2015-01-25 20:28 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\Seznam.cz
2015-11-19 16:17 - 2015-04-21 15:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-19 16:17 - 2015-01-25 20:28 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-11-19 16:10 - 2015-01-24 03:39 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3991480556-1381850406-516042308-1001
2015-11-19 16:00 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\sru
2015-11-19 15:43 - 2015-01-25 20:44 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-19 15:38 - 2015-05-20 19:46 - 00000976 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-19 15:09 - 2015-05-20 19:46 - 00000972 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 15:06 - 2015-01-25 20:28 - 00000000 _____ C:\windows\SysWOW64\sinstall.log
2015-11-19 15:06 - 2013-08-22 15:46 - 00031108 _____ C:\windows\setupact.log
2015-11-19 15:06 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-19 15:06 - 2013-08-22 15:44 - 00524624 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-19 15:05 - 2014-03-18 09:19 - 00256116 _____ C:\windows\PFRO.log
2015-11-19 15:05 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-19 15:05 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-19 14:28 - 2015-08-14 15:21 - 00002240 _____ C:\Users\Sumatra\Desktop\HP Support Assistant.lnk
2015-11-19 14:28 - 2015-05-30 17:20 - 00000972 _____ C:\Users\Public\Desktop\Spy Emergency.lnk
2015-11-19 14:28 - 2015-05-10 16:30 - 00001344 _____ C:\Users\Sumatra\Desktop\PDFMate PDF Converter Professional.lnk
2015-11-19 14:28 - 2015-05-10 16:21 - 00001258 _____ C:\Users\Sumatra\Desktop\PDFMate PDF Converter.lnk
2015-11-19 14:28 - 2015-04-21 15:39 - 00002741 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-19 14:28 - 2015-04-12 16:45 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-19 14:28 - 2015-04-12 16:45 - 00001160 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-19 14:28 - 2015-03-20 10:27 - 00002180 _____ C:\Users\Sumatra\Desktop\Deep Fritz 12 DL.lnk
2015-11-19 14:28 - 2015-03-18 10:28 - 00001320 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2015-11-19 14:28 - 2015-02-11 11:01 - 00000998 _____ C:\Users\Public\Desktop\Arena.lnk
2015-11-19 14:28 - 2015-02-04 14:33 - 00002863 _____ C:\Users\Public\Desktop\ACDSee 7.0.lnk
2015-11-19 14:28 - 2015-01-25 20:34 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-19 14:28 - 2015-01-25 20:34 - 00002040 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-11-19 14:28 - 2015-01-25 20:34 - 00001011 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-19 14:28 - 2015-01-24 16:40 - 00002105 _____ C:\Users\Public\Desktop\Video Search.lnk
2015-11-19 14:28 - 2015-01-24 16:40 - 00001203 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2015-11-19 14:28 - 2015-01-24 15:38 - 00001837 _____ C:\Users\Public\Desktop\ICQ6.5.lnk
2015-11-19 14:28 - 2015-01-24 15:24 - 00002025 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-19 14:28 - 2015-01-24 15:08 - 00002737 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2015-11-19 14:28 - 2015-01-24 15:04 - 00000647 _____ C:\Users\Sumatra\Desktop\Total Commander.lnk
2015-11-19 14:28 - 2015-01-24 15:02 - 00001697 _____ C:\Users\Sumatra\Desktop\WINWORD.lnk
2015-11-19 14:28 - 2015-01-24 15:01 - 00001677 _____ C:\Users\Sumatra\Desktop\EXCEL.lnk
2015-11-19 14:28 - 2015-01-24 03:36 - 00000436 _____ C:\Users\Sumatra\Desktop\Tento počítač.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00001429 _____ C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00001318 _____ C:\Users\Public\Desktop\TripAdvisor.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00000469 _____ C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-19 14:28 - 2015-01-24 03:34 - 00000467 _____ C:\Users\Sumatra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-19 14:28 - 2014-12-27 01:52 - 00002044 _____ C:\Users\Public\Desktop\Connected Photo.lnk
2015-11-19 14:28 - 2014-12-27 01:52 - 00001977 _____ C:\Users\Public\Desktop\Connected Music.lnk
2015-11-19 14:28 - 2014-12-27 01:39 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-19 14:27 - 2015-01-24 15:16 - 00000000 ____D C:\ProgramData\ICQ
2015-11-18 15:37 - 2015-01-25 15:32 - 00003174 _____ C:\windows\System32\Tasks\HPCeeScheduleForSumatra
2015-11-18 15:37 - 2015-01-25 15:32 - 00000356 _____ C:\windows\Tasks\HPCeeScheduleForSumatra.job
2015-11-18 15:37 - 2015-01-24 14:29 - 00000000 ____D C:\Users\Sumatra\AppData\Local\Hewlett-Packard
2015-11-18 15:25 - 2015-04-21 10:53 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\Skype
2015-11-17 18:21 - 2014-04-02 15:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-16 17:42 - 2015-04-12 16:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-15 23:07 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2015-11-15 23:06 - 2014-12-27 10:15 - 00723190 _____ C:\windows\system32\perfh005.dat
2015-11-15 23:06 - 2014-12-27 10:15 - 00166518 _____ C:\windows\system32\perfc005.dat
2015-11-15 23:06 - 2014-03-18 16:32 - 01745372 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-15 22:27 - 2015-01-25 15:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-11-15 22:07 - 2015-01-26 12:33 - 00000000 ____D C:\windows\system32\MRT
2015-11-15 22:04 - 2015-01-26 12:33 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-12 15:48 - 2015-01-26 15:45 - 00000000 ____D C:\Users\Sumatra\Documents\dokumenty-archiv
2015-11-12 15:25 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-10 20:43 - 2015-01-25 20:44 - 00003802 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-01 21:50 - 2014-12-27 01:38 - 00000000 ____D C:\windows\System32\Tasks\Hewlett-Packard
2015-11-01 21:50 - 2014-12-27 01:38 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-10-31 22:09 - 2015-07-30 08:17 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 15:30 - 2015-04-21 10:53 - 00000000 ____D C:\ProgramData\Skype
2015-10-22 21:41 - 2015-04-16 18:44 - 00000000 ___SD C:\windows\system32\CompatTel
2015-10-22 21:41 - 2015-04-16 18:44 - 00000000 ____D C:\windows\system32\appraiser
==================== Files in the root of some directories =======
2015-03-10 15:47 - 2002-05-16 18:05 - 0054784 _____ () C:\Program Files (x86)\Accuclck.exe
2015-03-10 15:47 - 2014-01-01 22:25 - 3751936 _____ () C:\Program Files (x86)\Arena.exe
2015-03-10 15:47 - 2014-01-01 21:10 - 0002269 _____ () C:\Program Files (x86)\bundle.ini
2015-03-10 15:47 - 2012-12-27 00:43 - 0002641 _____ () C:\Program Files (x86)\countries.cfg
2015-03-10 15:47 - 2007-11-09 17:20 - 1219586 _____ () C:\Program Files (x86)\ecocodes7.txt
2015-03-10 15:47 - 2011-01-12 20:24 - 1083796 _____ () C:\Program Files (x86)\ecocodes9.txt
2015-03-10 15:47 - 2013-12-30 20:36 - 0173788 _____ () C:\Program Files (x86)\engines.ini
2015-03-10 15:47 - 1998-06-17 08:22 - 0187392 _____ () C:\Program Files (x86)\LPng.dll
2015-03-10 15:47 - 2003-05-14 16:23 - 0000046 _____ () C:\Program Files (x86)\my.txt
2015-03-10 15:47 - 1998-06-10 01:22 - 0048640 _____ () C:\Program Files (x86)\Timeseal.exe
2015-03-10 15:47 - 2001-12-09 12:27 - 0052736 _____ () C:\Program Files (x86)\Timestamp.exe
2015-03-10 15:47 - 2015-03-10 15:47 - 0028565 _____ () C:\Program Files (x86)\unins000.dat
2015-03-10 15:47 - 2015-03-10 15:40 - 0718497 _____ () C:\Program Files (x86)\unins000.exe
2015-11-19 13:45 - 2015-11-19 13:45 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Files to move or delete:
====================
C:\Users\Sumatra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Some files in TEMP:
====================
C:\Users\Sumatra\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Sumatra\AppData\Local\Temp\sqlite3.dll
C:\Users\Sumatra\AppData\Local\Temp\sqlite3.exe
C:\Users\Sumatra\AppData\Local\Temp\{43A7537F-E35E-4A27-A26F-EE334BA14079}.dll
C:\Users\Sumatra\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-19 13:59
==================== End of FRST.txt ============================
Attachments: Addition.zip (9.77 KiB), downloaded 42 times
Re: Sidebar ad in FF, can't get rid of it
- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply
Code:
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\RunOnce: [SeznamInstall-uninstall:55eaa7102b9163674249007fd4d9d91d] => C:\Users\Sumatra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2015-11-19] () <===== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-3991480556-1381850406-516042308-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> DefaultScope {416B884D-D176-4B3F-8F74-1B37A5AD0496} URL =
FF Extension: Catered to You - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi [2015-11-18] [not signed]
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
2015-11-19 16:21 - 2015-11-19 16:21 - 00021806 _____ C:\Users\Sumatra\Downloads\FRST.txt
2015-11-19 15:32 - 2015-11-19 15:32 - 01222144 _____ C:\Users\Sumatra\Downloads\RSITx64.exe
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\rsit
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\Program Files\trend micro
2015-11-19 15:01 - 2015-11-19 15:04 - 00000000 ____D C:\AdwCleaner
2015-11-19 15:00 - 2015-11-19 15:00 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021(1).exe
2015-11-19 14:59 - 2015-11-19 14:59 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021.exe
2015-11-19 16:18 - 2015-01-25 20:28 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\Seznam.cz
2015-11-19 16:17 - 2015-01-25 20:28 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-11-19 13:45 - 2015-11-19 13:45 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {58781922-F89B-40EF-8658-8B1031A37BC0} - System32\Tasks\{942F357A-F17A-4A50-AF37-0F3108E38379} => pcalua.exe -a "C:\Heroes 5 - datadisk CZ záplata (oprava chyb a vylepšení)\heroes_might_magic_5_3.01_cz.exe" -d "C:\Heroes 5 - datadisk CZ záplata (oprava chyb a vylepšení)"
Task: {6B8FBC57-BEEA-46E6-9947-328250C08504} - System32\Tasks\{32B3F536-BE22-4B16-A5BE-6F830CB87594} => pcalua.exe -a C:\Users\Sumatra\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cvs
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [TCP Query User{1011E189-818B-4385-B706-AFCF82A0E5A6}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe
FirewallRules: [UDP Query User{5D3EDF66-7336-4D87-B7B9-0095B0259ECC}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe
FirewallRules: [TCP Query User{A7A087F1-015B-4C3E-9476-12A737807CF2}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe
FirewallRules: [UDP Query User{C9AF4D4A-6D43-4B8B-BF52-8249F6EA5A6B}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe
FirewallRules: [TCP Query User{8A4DA2FA-5134-4DFB-BEDD-30E2E68426B1}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{82547BFE-26BA-487B-9C2F-37DFB02DF936}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
Hosts:
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok (at) forum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.
Re: Sidebar ad in FF, can't get rid of it
Good morning. I followed the instructions and here is the log.
It didn't even occur to me to look at hosts, that it might have been changed.
R.
Fix result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by Sumatra (2015-11-20 08:39:55) Run:1
Running from C:\Users\Sumatra\Downloads
Loaded Profiles: Sumatra (Available Profiles: Sumatra)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\...\RunOnce: [SeznamInstall-uninstall:55eaa7102b9163674249007fd4d9d91d] => C:\Users\Sumatra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2015-11-19] () <===== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
URLSearchHook: [S-1-5-21-3991480556-1381850406-516042308-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\S-1-5-21-3991480556-1381850406-516042308-1001 -> DefaultScope {416B884D-D176-4B3F-8F74-1B37A5AD0496} URL =
FF Extension: Catered to You - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi [2015-11-18] [not signed]
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
2015-11-19 16:21 - 2015-11-19 16:21 - 00021806 _____ C:\Users\Sumatra\Downloads\FRST.txt
2015-11-19 15:32 - 2015-11-19 15:32 - 01222144 _____ C:\Users\Sumatra\Downloads\RSITx64.exe
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\rsit
2015-11-19 15:32 - 2015-11-19 15:32 - 00000000 ____D C:\Program Files\trend micro
2015-11-19 15:01 - 2015-11-19 15:04 - 00000000 ____D C:\AdwCleaner
2015-11-19 15:00 - 2015-11-19 15:00 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021(1).exe
2015-11-19 14:59 - 2015-11-19 14:59 - 01732096 _____ C:\Users\Sumatra\Downloads\adwcleaner_5.021.exe
2015-11-19 16:18 - 2015-01-25 20:28 - 00000000 ____D C:\Users\Sumatra\AppData\Roaming\Seznam.cz
2015-11-19 16:17 - 2015-01-25 20:28 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-11-19 13:45 - 2015-11-19 13:45 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {58781922-F89B-40EF-8658-8B1031A37BC0} - System32\Tasks\{942F357A-F17A-4A50-AF37-0F3108E38379} => pcalua.exe -a "C:\Heroes 5 - datadisk CZ záplata (oprava chyb a vylepšení)\heroes_might_magic_5_3.01_cz.exe" -d "C:\Heroes 5 - datadisk CZ záplata (oprava chyb a vylepšení)"
Task: {6B8FBC57-BEEA-46E6-9947-328250C08504} - System32\Tasks\{32B3F536-BE22-4B16-A5BE-6F830CB87594} => pcalua.exe -a C:\Users\Sumatra\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cvs
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FirewallRules: [TCP Query User{1011E189-818B-4385-B706-AFCF82A0E5A6}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe
FirewallRules: [UDP Query User{5D3EDF66-7336-4D87-B7B9-0095B0259ECC}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe
FirewallRules: [TCP Query User{A7A087F1-015B-4C3E-9476-12A737807CF2}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe
FirewallRules: [UDP Query User{C9AF4D4A-6D43-4B8B-BF52-8249F6EA5A6B}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe] => (Allow) C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe
FirewallRules: [TCP Query User{8A4DA2FA-5134-4DFB-BEDD-30E2E68426B1}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{82547BFE-26BA-487B-9C2F-37DFB02DF936}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
Hosts:
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SeznamInstall-uninstall:55eaa7102b9163674249007fd4d9d91d => value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
Could not restore Default URLSearchHook.
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value removed successfully
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi => moved successfully
AmUStor => service removed successfully
McAPExe => service removed successfully
McMPFSvc => service removed successfully
McNaiAnn => service removed successfully
mcpltsvc => service removed successfully
McProxy => service removed successfully
mfecore => service removed successfully
MSK80Service => service removed successfully
C:\Users\Sumatra\Downloads\FRST.txt => moved successfully
C:\Users\Sumatra\Downloads\RSITx64.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Sumatra\Downloads\adwcleaner_5.021(1).exe => moved successfully
C:\Users\Sumatra\Downloads\adwcleaner_5.021.exe => moved successfully
C:\Users\Sumatra\AppData\Roaming\Seznam.cz => moved successfully
C:\Program Files (x86)\Seznam.cz => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58781922-F89B-40EF-8658-8B1031A37BC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58781922-F89B-40EF-8658-8B1031A37BC0}" => key removed successfully
C:\windows\System32\Tasks\{942F357A-F17A-4A50-AF37-0F3108E38379} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{942F357A-F17A-4A50-AF37-0F3108E38379}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B8FBC57-BEEA-46E6-9947-328250C08504}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B8FBC57-BEEA-46E6-9947-328250C08504}" => key removed successfully
C:\windows\System32\Tasks\{32B3F536-BE22-4B16-A5BE-6F830CB87594} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32B3F536-BE22-4B16-A5BE-6F830CB87594}" => key removed successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1011E189-818B-4385-B706-AFCF82A0E5A6}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5D3EDF66-7336-4D87-B7B9-0095B0259ECC}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7A087F1-015B-4C3E-9476-12A737807CF2}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9AF4D4A-6D43-4B8B-BF52-8249F6EA5A6B}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8A4DA2FA-5134-4DFB-BEDD-30E2E68426B1}C:\program files (x86)\mozilla firefox\plugin-container.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{82547BFE-26BA-487B-9C2F-37DFB02DF936}C:\program files (x86)\mozilla firefox\plugin-container.exe => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 4 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 08:42:09 ====
Could not restore Default URLSearchHook.
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value removed successfully
HKU\S-1-5-21-3991480556-1381850406-516042308-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi => moved successfully
AmUStor => service removed successfully
McAPExe => service removed successfully
McMPFSvc => service removed successfully
McNaiAnn => service removed successfully
mcpltsvc => service removed successfully
McProxy => service removed successfully
mfecore => service removed successfully
MSK80Service => service removed successfully
C:\Users\Sumatra\Downloads\FRST.txt => moved successfully
C:\Users\Sumatra\Downloads\RSITx64.exe => moved successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Sumatra\Downloads\adwcleaner_5.021(1).exe => moved successfully
C:\Users\Sumatra\Downloads\adwcleaner_5.021.exe => moved successfully
C:\Users\Sumatra\AppData\Roaming\Seznam.cz => moved successfully
C:\Program Files (x86)\Seznam.cz => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58781922-F89B-40EF-8658-8B1031A37BC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58781922-F89B-40EF-8658-8B1031A37BC0}" => key removed successfully
C:\windows\System32\Tasks\{942F357A-F17A-4A50-AF37-0F3108E38379} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{942F357A-F17A-4A50-AF37-0F3108E38379}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B8FBC57-BEEA-46E6-9947-328250C08504}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B8FBC57-BEEA-46E6-9947-328250C08504}" => key removed successfully
C:\windows\System32\Tasks\{32B3F536-BE22-4B16-A5BE-6F830CB87594} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{32B3F536-BE22-4B16-A5BE-6F830CB87594}" => key removed successfully
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1011E189-818B-4385-B706-AFCF82A0E5A6}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5D3EDF66-7336-4D87-B7B9-0095B0259ECC}C:\users\sumatra\appdata\local\temp\nsw33c.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7A087F1-015B-4C3E-9476-12A737807CF2}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9AF4D4A-6D43-4B8B-BF52-8249F6EA5A6B}C:\users\sumatra\appdata\local\temp\nsla7cd.tmp\setupmarias_talon_cz.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8A4DA2FA-5134-4DFB-BEDD-30E2E68426B1}C:\program files (x86)\mozilla firefox\plugin-container.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{82547BFE-26BA-487B-9C2F-37DFB02DF936}C:\program files (x86)\mozilla firefox\plugin-container.exe => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 4 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 08:42:09 ====
Re: Side ad in FF cannot be removed
PS: the ad has disappeared....
Re: Side ad in FF cannot be removed
gaud wrote: "Good morning. I continued according to the instructions and here is the log. It didn't even occur to me to look in hosts, that it might have been changed"
Good morning, hosts probably was not changed/infected, but I have also seen a case where 2 different antimalware tools showed different contents of the hosts file, so as a precaution I have it restored to the default, which does no harm (the exception being users who have modified hosts on purpose).
The ads were caused by a Firefox add-on
Code:
FF Extension: Catered to You - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi [2015-11-18] [not signed]
Code:
C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Tick only the "Remove disinfection tools" option
- click Run
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.
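The add-on named in the reply above stands out in the FRST output through its [not signed] tag, and the mystartsearch task through its AppData path. The following triage script is an added example, not part of the thread and not FRST's own code; the first three sample lines are copied from the fixlist above, the fourth is constructed, and it assumes signed add-ons carry no tag.

```python
import re

# Lines 1-3 are copied from the fixlist in this thread; line 4 is constructed
# for contrast (a hypothetical add-on listed without the "[not signed]" tag).
SAMPLE_LOG = r"""
FF Extension: Catered to You - C:\Users\Sumatra\AppData\Roaming\Mozilla\Firefox\Profiles\qvu6tn1n.default\Extensions\{8e8022ff-0a36-4efc-916e-e21e5c7aea6e}.xpi [2015-11-18] [not signed]
Task: {6B8FBC57-BEEA-46E6-9947-328250C08504} - System32\Tasks\{32B3F536-BE22-4B16-A5BE-6F830CB87594} => pcalua.exe -a C:\Users\Sumatra\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cvs
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
FF Extension: Example Signed Addon - C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\Extensions\example@addon.xpi [2015-11-01]
"""

# "FF Extension: <name> - <path> [<date>] [<tag>]..." as seen in the log above.
FF_EXT = re.compile(
    r"^FF Extension: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+?) "
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\](?P<tags>(?: \[[^\]]+\])*)$"
)
# "Task: <identifier> => <command line>"
TASK = re.compile(r"^Task: (?P<ident>.+?) => (?P<command>.+)$")
# Per-user profile folders that any process of that user can write to.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local)\\", re.IGNORECASE)


def triage(log_text):
    """Return (kind, subject, reason) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        ext = FF_EXT.match(line)
        if ext:
            tags = re.findall(r"\[([^\]]+)\]", ext["tags"])
            if "not signed" in tags:
                findings.append(("extension", ext["name"], "unsigned add-on"))
            continue
        task = TASK.match(line)
        if task and USER_WRITABLE.search(task["command"]):
            findings.append(("task", task["ident"], "runs from user-writable AppData"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"{kind:9} {reason:32} {subject}")
```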
Re: Side ad in FF cannot be removed
So I would like to say thank you very much. The gentleman is satisfied, he thanked me and promised a bottle of wine. Where can I pour some off for you?
Otherwise this can be closed.
Re: Side ad in FF cannot be removed
I'm glad that the gentleman is glad and that you are glad too. You don't have to travel to Brno, it's enough if you drink a toast to our health at home
You're welcome, I was glad to help
Take care and maybe see you again sometime

