Redirecting in browsers

PadiseK
Model visitor
Posts: 69
Registered: 22 Jul 2009 07:57

#1 Post by PadiseK »

Hello,

a friend has been struggling for several weeks with a problem (see the same problem HERE), so-called redirecting in web browsers, where out of nowhere a page (an ad) for some nonsense is displayed. He tried switching browsers; it happens in all of them.
Please advise how to get rid of it. Thank you.

EDIT - FRST log added

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on KEJS-PC (14-03-2016 20:28:53)
Running from C:\Users\Administrator.kEjs-PC\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Programy\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
() C:\Program Files (x86)\Prezi\Prezi.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Spotify Ltd) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\Spotify.exe
(forum.viry.cz) C:\Users\Administrator.kEjs-PC\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-11] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Administrator.kEjs-PC\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [Dropbox Update] => C:\Users\Administrator.kEjs-PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-04] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-703323477-901136438-3501750363-500] => hxxp://unstopp.me/wpad.dat?35014cb3a76805a8b820b1e89bb8ad104889644
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{E297F95F-3439-49CB-B578-AABF4E0BDBB8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F568481F-CC60-4129-B87F-0C9276BCEBA6}: [DhcpNameServer] 192.168.10.1
ManualProxies: 0hxxp://unstopp.me/wpad.dat?35014cb3a76805a8b820b1e89bb8ad104889644

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-703323477-901136438-3501750363-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-01] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-01] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.cz/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-02]
CHR Extension: (Vyhledávání Google) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Gmail) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Administrator.kEjs-PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-02] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2009-03-09] () [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RTCore64; C:\Programy\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-01-31] () [File not signed]
U3 aktpzqbi; C:\Windows\System32\Drivers\aktpzqbi.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
R3 ALSysIO; \??\C:\Users\ADMINI~1.KEJ\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 20:28 - 2016-03-14 20:29 - 00023306 _____ C:\Users\Administrator.kEjs-PC\Desktop\FRST.txt
2016-03-14 20:28 - 2016-03-14 20:28 - 00000000 ____D C:\FRST
2016-03-14 20:27 - 2016-03-14 20:27 - 00112640 _____ (forum.viry.cz) C:\Users\Administrator.kEjs-PC\Desktop\FRSTLauncher.exe
2016-03-14 20:26 - 2016-03-14 20:26 - 02374144 _____ (Farbar) C:\Users\Administrator.kEjs-PC\Desktop\FRST64.exe
2016-03-14 20:01 - 2016-03-14 20:01 - 130545816 _____ C:\Users\Administrator.kEjs-PC\Desktop\org.zip
2016-03-14 20:00 - 2016-03-14 20:00 - 05846702 _____ C:\Users\Administrator.kEjs-PC\Downloads\organizace.pez
2016-03-14 19:59 - 2016-03-14 19:59 - 05846702 _____ C:\Users\Administrator.kEjs-PC\Desktop\organizace_.pez
2016-03-14 19:58 - 2016-03-14 19:58 - 05846702 _____ C:\Users\Administrator.kEjs-PC\Desktop\organizace.pez
2016-03-14 19:57 - 2016-03-14 19:57 - 00111968 _____ C:\Users\Administrator.kEjs-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-14 18:22 - 2016-03-14 18:22 - 01222144 _____ C:\Users\Administrator.kEjs-PC\Downloads\RSITx64.exe
2016-03-14 18:22 - 2016-03-14 18:22 - 00000000 ____D C:\rsit
2016-03-14 18:22 - 2016-03-14 18:22 - 00000000 ____D C:\Program Files\trend micro
2016-03-14 17:44 - 2016-03-14 17:44 - 01578415 _____ C:\Users\Administrator.kEjs-PC\Downloads\Procesy pro podporu rozhodování.rar
2016-03-14 16:40 - 2016-03-14 16:40 - 06590852 _____ C:\Users\Administrator.kEjs-PC\Desktop\jop.pez
2016-03-13 16:17 - 2016-03-13 16:17 - 01039273 _____ C:\Users\Administrator.kEjs-PC\Downloads\02_Planovani.zip
2016-03-11 18:27 - 2016-03-11 18:27 - 00009355 _____ C:\Users\Administrator.kEjs-PC\Downloads\[kat.cr]vikings.s04e04.720p.hdtv.x264.killers.ettv.torrent
2016-03-11 15:05 - 2016-03-13 15:07 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-11 15:05 - 2016-03-11 15:05 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 15:05 - 2016-03-11 15:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 15:05 - 2016-03-11 15:05 - 00003966 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-11 15:05 - 2016-03-11 15:05 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 13:37 - 2016-03-11 13:37 - 00003072 _____ C:\Users\Administrator.kEjs-PC\Downloads\_Thumbs (2).db
2016-03-11 13:37 - 2016-03-11 13:37 - 00003072 _____ C:\Users\Administrator.kEjs-PC\Downloads\_Thumbs (1).db
2016-03-11 13:31 - 2016-03-11 19:58 - 00846930 ____H C:\Users\Administrator.kEjs-PC\Desktop\~WRL1036.tmp
2016-03-11 13:20 - 2016-03-11 13:20 - 00000000 ____D C:\Users\Administrator.kEjs-PC\Prezi
2016-03-11 13:20 - 2016-03-11 13:20 - 00000000 ____D C:\Users\Administrator.kEjs-PC\AppData\Roaming\com.prezi.PreziDesktop
2016-03-11 13:18 - 2016-03-11 13:18 - 00001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
2016-03-11 13:18 - 2016-03-11 13:18 - 00001853 _____ C:\Users\Public\Desktop\Prezi.lnk
2016-03-11 13:17 - 2016-03-11 13:18 - 00000000 ____D C:\Program Files (x86)\Prezi
2016-03-11 12:54 - 2016-03-11 13:03 - 570318288 _____ (Prezi.com) C:\Users\Administrator.kEjs-PC\Downloads\Install_Prezi_5.2.8.exe
2016-03-09 19:02 - 2016-03-09 19:02 - 00136129 _____ C:\Users\Administrator.kEjs-PC\Downloads\Podklady_prednaska_5.pptx
2016-03-07 17:06 - 2016-03-07 17:06 - 00005161 _____ C:\Users\Administrator.kEjs-PC\Downloads\[kat.cr]the.walking.dead.s06e12.hdtv.x264.killers.ettv.torrent
2016-03-05 22:23 - 2016-03-05 22:24 - 00080936 _____ C:\Users\Administrator.kEjs-PC\Downloads\EBFDD59485DBBC32DDB90551EAAC4487FEEBAA26.torrent
2016-03-05 22:23 - 2016-03-05 22:23 - 00080936 _____ C:\Users\Administrator.kEjs-PC\Downloads\EBFDD59485DBBC32DDB90551EAAC4487FEEBAA26 (1).torrent
2016-03-04 12:19 - 2016-03-04 13:36 - 00000000 ____D C:\Users\Administrator.kEjs-PC\Desktop\bases
2016-03-02 20:06 - 2016-03-02 20:06 - 00147499 _____ C:\Users\Administrator.kEjs-PC\Downloads\Podklady_prednaska_4.pptx
2016-03-01 22:23 - 2016-03-01 22:23 - 00752287 _____ C:\Users\Administrator.kEjs-PC\Downloads\revision_6.pdf
2016-03-01 22:23 - 2016-03-01 22:23 - 00752287 _____ C:\Users\Administrator.kEjs-PC\Downloads\revision_6 (1).pdf
2016-02-29 14:12 - 2016-02-29 14:12 - 00091004 _____ C:\Users\Administrator.kEjs-PC\Downloads\45CC866E5C94A73195F8C74576FE067502A75272.torrent
2016-02-29 14:11 - 2016-02-29 14:11 - 00091851 _____ C:\Users\Administrator.kEjs-PC\Downloads\42E59E8E1FF5FCE344BEECE00B284C82F4CB1B25.torrent
2016-02-29 14:10 - 2016-02-29 14:10 - 00034288 _____ C:\Users\Administrator.kEjs-PC\Downloads\[kat.cr]the.walking.dead.s06e11.hdtv.x264.fleet.rartv.torrent
2016-02-24 20:17 - 2016-02-24 20:17 - 00239462 _____ C:\Users\Administrator.kEjs-PC\Downloads\revision1.pdf
2016-02-22 20:18 - 2016-02-22 20:25 - 88084462 _____ C:\Users\Administrator.kEjs-PC\Downloads\Clash Royale_1.1.0.apk
2016-02-22 20:16 - 2016-03-11 12:22 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-22 20:16 - 2016-03-11 12:22 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-22 20:14 - 2016-03-14 20:19 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-22 20:14 - 2016-03-14 20:19 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-22 20:14 - 2016-02-22 20:14 - 00987728 _____ (Google Inc.) C:\Users\Administrator.kEjs-PC\Downloads\ChromeSetup.exe
2016-02-22 20:14 - 2016-02-22 20:14 - 00003962 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-22 20:14 - 2016-02-22 20:14 - 00003710 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-22 18:38 - 2016-02-22 18:38 - 00045518 _____ C:\Users\Administrator.kEjs-PC\Downloads\KmanP_VmanP_2015-2016_Bodove_hodnoceni.xlsx
2016-02-22 17:59 - 2016-02-22 17:59 - 00000880 _____ C:\Users\Administrator.kEjs-PC\Downloads\Fear.The.Walking.Dead.Flight.462.Part.6-GHoSTCR3W.srt
2016-02-22 17:51 - 2016-02-22 17:51 - 00002021 _____ C:\Users\Administrator.kEjs-PC\Downloads\Fear.The.Walking.Dead.Flight.462.Part.1-GHoSTCR3W.srt
2016-02-19 19:30 - 2016-02-19 19:30 - 00000000 ____D C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-19 16:26 - 2016-03-04 13:37 - 00000000 ____D C:\Users\Administrator.kEjs-PC\Desktop\Nová složka
2016-02-15 14:53 - 2016-02-15 14:53 - 00021691 _____ C:\Users\Administrator.kEjs-PC\Downloads\priklady.pdf
2016-02-15 14:52 - 2016-02-15 14:52 - 00795273 _____ C:\Users\Administrator.kEjs-PC\Downloads\1. Základy statistiky - datové soubory.pdf
2016-02-15 14:51 - 2016-02-15 14:51 - 00454283 _____ C:\Users\Administrator.kEjs-PC\Downloads\1. Základy statistiky - datové soubory - opraveno

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 20:25 - 2015-05-05 15:16 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Local\Spotify
2016-03-14 20:25 - 2015-05-05 15:14 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify
2016-03-14 19:35 - 2015-06-21 14:22 - 00000966 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500UA.job
2016-03-14 14:35 - 2015-06-21 14:22 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500Core.job
2016-03-14 14:24 - 2009-07-14 05:45 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-14 14:24 - 2009-07-14 05:45 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 12:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-14 12:36 - 2016-01-26 17:02 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-03-14 12:36 - 2015-02-20 19:05 - 00000000 ___RD C:\Users\Administrator.kEjs-PC\Dropbox
2016-03-14 12:36 - 2015-02-20 19:03 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox
2016-03-14 12:36 - 2014-01-05 20:43 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Local\Adobe
2016-03-14 12:29 - 2009-07-14 16:18 - 00672158 _____ C:\Windows\system32\perfh005.dat
2016-03-14 12:29 - 2009-07-14 16:18 - 00142754 _____ C:\Windows\system32\perfc005.dat
2016-03-14 12:29 - 2009-07-14 06:13 - 01593238 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 12:25 - 2014-01-01 18:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-14 12:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-11 19:58 - 2014-01-12 02:50 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\uTorrent
2016-03-11 18:29 - 2014-01-10 16:47 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-03-11 14:33 - 2014-01-02 21:44 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-11 13:20 - 2014-01-01 17:50 - 00000000 ____D C:\Users\Administrator.kEjs-PC
2016-03-11 13:16 - 2009-07-14 06:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-11 13:12 - 2014-07-30 16:04 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-11 13:11 - 2015-09-28 15:56 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-11 13:11 - 2014-02-09 18:49 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\TS3Client
2016-03-04 11:42 - 2016-02-08 18:09 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454951369
2016-03-04 11:42 - 2016-02-08 18:08 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-28 19:48 - 2014-11-13 17:58 - 00000000 ____D C:\Program Files\CCleaner
2016-02-22 20:16 - 2014-01-02 21:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-19 00:55 - 2014-04-22 17:25 - 04509363 ____H C:\Users\Administrator.kEjs-PC\AppData\Local\IconCache.db.backup
2016-02-13 16:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2014-04-15 15:14 - 2010-04-07 14:08 - 0076351 _____ () C:\Program Files (x86)\Photoshop CS5 Read Me.pdf
2014-05-07 20:42 - 2015-10-10 21:52 - 0006144 ____H () C:\Users\Administrator.kEjs-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-07 18:45 - 2014-01-07 18:45 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500Core.job => C:\Users\Administrator.kEjs-PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500UA.job => C:\Users\Administrator.kEjs-PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Administrator.kEjs-PC\Desktop" je 162 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Redirecting in browsers

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

PadiseK
Model visitor
Posts: 69
Registered: 22 Jul 2009 07:57

Re: Redirecting in browsers

#3 Post by PadiseK »

# AdwCleaner v5.102 - Logfile created 14/03/2016 at 21:11:44
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Administrator - KEJS-PC
# Running from : C:\Users\Administrator.kEjs-PC\Desktop\adwcleaner_5.102.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Mobogenie
[-] Folder Deleted : C:\ProgramData\Trymedia
[-] Folder Deleted : C:\Users\Administrator.kEjs-PC\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Administrator.kEjs-PC\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Administrator.kEjs-PC\AppData\Roaming\newnext.me
[-] Folder Deleted : C:\Users\Administrator.kEjs-PC\AppData\Roaming\SimpleFiles
[-] Folder Deleted : C:\Users\Administrator.kEjs-PC\AppData\Roaming\Solvusoft
[-] Folder Deleted : C:\Users\Administrator.kEjs-PC\Documents\Mobogenie

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\SimpleFiles
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
[#] Value Deleted : HKU\S-1-5-21-703323477-901136438-3501750363-500\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2472 bytes] - [14/03/2016 21:11:44]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2869 bytes] - [14/03/2016 21:10:40]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2658 bytes] ##########

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Redirecting in browsers

#4 Post by Rudy »

Post a new FRST log.

PadiseK
Model visitor
Posts: 69
Registered: 22 Jul 2009 07:57

Re: Redirecting in browsers

#5 Post by PadiseK »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Administrator (administrator) on KEJS-PC (14-03-2016 21:23:06)
Running from C:\Users\Administrator.kEjs-PC\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Programy\Core Temp\Core Temp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Dropbox, Inc.) C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(forum.viry.cz) C:\Users\Administrator.kEjs-PC\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-11] (Razer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [Dropbox Update] => C:\Users\Administrator.kEjs-PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [Spotify Web Helper] => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-04] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-703323477-901136438-3501750363-500] => hxxp://unstopp.me/wpad.dat?35014cb3a76805a8b820b1e89bb8ad104889644
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{E297F95F-3439-49CB-B578-AABF4E0BDBB8}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F568481F-CC60-4129-B87F-0C9276BCEBA6}: [DhcpNameServer] 192.168.10.1
ManualProxies: 0hxxp://unstopp.me/wpad.dat?35014cb3a76805a8b820b1e89bb8ad104889644

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-703323477-901136438-3501750363-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-01] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-01] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.cz/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-02]
CHR Extension: (Vyhledávání Google) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-04]
CHR Extension: (Gmail) - C:\Users\Administrator.kEjs-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Administrator.kEjs-PC\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-06-02] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2009-03-09] () [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RTCore64; C:\Programy\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [50904 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-01-31] () [File not signed]
U3 alb2yz7k; C:\Windows\System32\Drivers\alb2yz7k.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
R3 ALSysIO; \??\C:\Users\ADMINI~1.KEJ\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 21:23 - 2016-03-14 21:23 - 00022383 _____ C:\Users\Administrator.kEjs-PC\Desktop\FRST.txt
2016-03-14 21:22 - 2016-03-14 21:22 - 00000000 ____D C:\Users\Administrator.kEjs-PC\Desktop\Nová složka (2)
2016-03-14 21:13 - 2016-03-14 21:13 - 05052904 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-14 21:10 - 2016-03-14 21:11 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-14 21:09 - 2016-03-14 21:09 - 01527296 _____ C:\Users\Administrator.kEjs-PC\Desktop\adwcleaner_5.102.exe
2016-03-14 20:28 - 2016-03-14 21:23 - 00000000 ____D C:\FRST
2016-03-14 20:27 - 2016-03-14 20:27 - 00112640 _____ (forum.viry.cz) C:\Users\Administrator.kEjs-PC\Desktop\FRSTLauncher.exe
2016-03-14 20:26 - 2016-03-14 20:26 - 02374144 _____ (Farbar) C:\Users\Administrator.kEjs-PC\Desktop\FRST64.exe
2016-03-14 20:01 - 2016-03-14 20:01 - 130545816 _____ C:\Users\Administrator.kEjs-PC\Desktop\org.zip
2016-03-14 20:00 - 2016-03-14 20:00 - 05846702 _____ C:\Users\Administrator.kEjs-PC\Downloads\organizace.pez
2016-03-14 19:59 - 2016-03-14 19:59 - 05846702 _____ C:\Users\Administrator.kEjs-PC\Desktop\organizace_.pez
2016-03-14 19:58 - 2016-03-14 19:58 - 05846702 _____ C:\Users\Administrator.kEjs-PC\Desktop\organizace.pez
2016-03-14 19:57 - 2016-03-14 19:57 - 00111968 _____ C:\Users\Administrator.kEjs-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-14 18:22 - 2016-03-14 18:22 - 01222144 _____ C:\Users\Administrator.kEjs-PC\Downloads\RSITx64.exe
2016-03-14 18:22 - 2016-03-14 18:22 - 00000000 ____D C:\rsit
2016-03-14 18:22 - 2016-03-14 18:22 - 00000000 ____D C:\Program Files\trend micro
2016-03-14 17:44 - 2016-03-14 17:44 - 01578415 _____ C:\Users\Administrator.kEjs-PC\Downloads\Procesy pro podporu rozhodování.rar
2016-03-14 16:40 - 2016-03-14 16:40 - 06590852 _____ C:\Users\Administrator.kEjs-PC\Desktop\jop.pez
2016-03-13 16:17 - 2016-03-13 16:17 - 01039273 _____ C:\Users\Administrator.kEjs-PC\Downloads\02_Planovani.zip
2016-03-11 18:27 - 2016-03-11 18:27 - 00009355 _____ C:\Users\Administrator.kEjs-PC\Downloads\[kat.cr]vikings.s04e04.720p.hdtv.x264.killers.ettv.torrent
2016-03-11 15:05 - 2016-03-13 15:07 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-11 15:05 - 2016-03-11 15:05 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 15:05 - 2016-03-11 15:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 15:05 - 2016-03-11 15:05 - 00003966 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-11 15:05 - 2016-03-11 15:05 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-11 13:37 - 2016-03-11 13:37 - 00003072 _____ C:\Users\Administrator.kEjs-PC\Downloads\_Thumbs (2).db
2016-03-11 13:37 - 2016-03-11 13:37 - 00003072 _____ C:\Users\Administrator.kEjs-PC\Downloads\_Thumbs (1).db
2016-03-11 13:20 - 2016-03-11 13:20 - 00000000 ____D C:\Users\Administrator.kEjs-PC\Prezi
2016-03-11 13:20 - 2016-03-11 13:20 - 00000000 ____D C:\Users\Administrator.kEjs-PC\AppData\Roaming\com.prezi.PreziDesktop
2016-03-11 13:18 - 2016-03-11 13:18 - 00001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
2016-03-11 13:18 - 2016-03-11 13:18 - 00001853 _____ C:\Users\Public\Desktop\Prezi.lnk
2016-03-11 13:17 - 2016-03-11 13:18 - 00000000 ____D C:\Program Files (x86)\Prezi
2016-03-11 12:54 - 2016-03-11 13:03 - 570318288 _____ (Prezi.com) C:\Users\Administrator.kEjs-PC\Downloads\Install_Prezi_5.2.8.exe
2016-03-09 19:02 - 2016-03-09 19:02 - 00136129 _____ C:\Users\Administrator.kEjs-PC\Downloads\Podklady_prednaska_5.pptx
2016-03-07 17:06 - 2016-03-07 17:06 - 00005161 _____ C:\Users\Administrator.kEjs-PC\Downloads\[kat.cr]the.walking.dead.s06e12.hdtv.x264.killers.ettv.torrent
2016-03-05 22:23 - 2016-03-05 22:24 - 00080936 _____ C:\Users\Administrator.kEjs-PC\Downloads\EBFDD59485DBBC32DDB90551EAAC4487FEEBAA26.torrent
2016-03-05 22:23 - 2016-03-05 22:23 - 00080936 _____ C:\Users\Administrator.kEjs-PC\Downloads\EBFDD59485DBBC32DDB90551EAAC4487FEEBAA26 (1).torrent
2016-03-04 12:19 - 2016-03-04 13:36 - 00000000 ____D C:\Users\Administrator.kEjs-PC\Desktop\bases
2016-03-02 20:06 - 2016-03-02 20:06 - 00147499 _____ C:\Users\Administrator.kEjs-PC\Downloads\Podklady_prednaska_4.pptx
2016-03-01 22:23 - 2016-03-01 22:23 - 00752287 _____ C:\Users\Administrator.kEjs-PC\Downloads\revision_6.pdf
2016-03-01 22:23 - 2016-03-01 22:23 - 00752287 _____ C:\Users\Administrator.kEjs-PC\Downloads\revision_6 (1).pdf
2016-02-29 14:12 - 2016-02-29 14:12 - 00091004 _____ C:\Users\Administrator.kEjs-PC\Downloads\45CC866E5C94A73195F8C74576FE067502A75272.torrent
2016-02-29 14:11 - 2016-02-29 14:11 - 00091851 _____ C:\Users\Administrator.kEjs-PC\Downloads\42E59E8E1FF5FCE344BEECE00B284C82F4CB1B25.torrent
2016-02-29 14:10 - 2016-02-29 14:10 - 00034288 _____ C:\Users\Administrator.kEjs-PC\Downloads\[kat.cr]the.walking.dead.s06e11.hdtv.x264.fleet.rartv.torrent
2016-02-24 20:17 - 2016-02-24 20:17 - 00239462 _____ C:\Users\Administrator.kEjs-PC\Downloads\revision1.pdf
2016-02-22 20:18 - 2016-02-22 20:25 - 88084462 _____ C:\Users\Administrator.kEjs-PC\Downloads\Clash Royale_1.1.0.apk
2016-02-22 20:16 - 2016-03-11 12:22 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-22 20:16 - 2016-03-11 12:22 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-22 20:14 - 2016-03-14 21:19 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-22 20:14 - 2016-03-14 21:13 - 00000962 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-22 20:14 - 2016-02-22 20:14 - 00987728 _____ (Google Inc.) C:\Users\Administrator.kEjs-PC\Downloads\ChromeSetup.exe
2016-02-22 20:14 - 2016-02-22 20:14 - 00003962 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-22 20:14 - 2016-02-22 20:14 - 00003710 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-22 18:38 - 2016-02-22 18:38 - 00045518 _____ C:\Users\Administrator.kEjs-PC\Downloads\KmanP_VmanP_2015-2016_Bodove_hodnoceni.xlsx
2016-02-22 17:59 - 2016-02-22 17:59 - 00000880 _____ C:\Users\Administrator.kEjs-PC\Downloads\Fear.The.Walking.Dead.Flight.462.Part.6-GHoSTCR3W.srt
2016-02-22 17:51 - 2016-02-22 17:51 - 00002021 _____ C:\Users\Administrator.kEjs-PC\Downloads\Fear.The.Walking.Dead.Flight.462.Part.1-GHoSTCR3W.srt
2016-02-19 19:30 - 2016-02-19 19:30 - 00000000 ____D C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-19 16:26 - 2016-03-04 13:37 - 00000000 ____D C:\Users\Administrator.kEjs-PC\Desktop\Nová složka
2016-02-15 14:53 - 2016-02-15 14:53 - 00021691 _____ C:\Users\Administrator.kEjs-PC\Downloads\priklady.pdf
2016-02-15 14:52 - 2016-02-15 14:52 - 00795273 _____ C:\Users\Administrator.kEjs-PC\Downloads\1. Základy statistiky - datové soubory.pdf
2016-02-15 14:51 - 2016-02-15 14:51 - 00454283 _____ C:\Users\Administrator.kEjs-PC\Downloads\1. Základy statistiky - datové soubory - opraveno

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-14 21:23 - 2014-01-05 20:43 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Local\Adobe
2016-03-14 21:21 - 2009-07-14 05:45 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-14 21:21 - 2009-07-14 05:45 - 00023056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 21:17 - 2009-07-14 16:18 - 00672158 _____ C:\Windows\system32\perfh005.dat
2016-03-14 21:17 - 2009-07-14 16:18 - 00142754 _____ C:\Windows\system32\perfc005.dat
2016-03-14 21:17 - 2009-07-14 06:13 - 01593238 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 21:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-14 21:13 - 2016-01-26 17:02 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-03-14 21:13 - 2015-02-20 19:05 - 00000000 ___RD C:\Users\Administrator.kEjs-PC\Dropbox
2016-03-14 21:13 - 2015-02-20 19:03 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\Dropbox
2016-03-14 21:13 - 2014-01-01 18:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-14 21:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-14 21:09 - 2015-05-05 15:16 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Local\Spotify
2016-03-14 20:35 - 2015-06-21 14:22 - 00000966 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500UA.job
2016-03-14 20:25 - 2015-05-05 15:14 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\Spotify
2016-03-14 14:35 - 2015-06-21 14:22 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500Core.job
2016-03-11 19:58 - 2014-01-12 02:50 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\uTorrent
2016-03-11 18:29 - 2014-01-10 16:47 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-03-11 14:33 - 2014-01-02 21:44 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-11 13:20 - 2014-01-01 17:50 - 00000000 ____D C:\Users\Administrator.kEjs-PC
2016-03-11 13:16 - 2009-07-14 06:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-11 13:12 - 2014-07-30 16:04 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-11 13:11 - 2015-09-28 15:56 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-11 13:11 - 2014-02-09 18:49 - 00000000 ___HD C:\Users\Administrator.kEjs-PC\AppData\Roaming\TS3Client
2016-03-04 11:42 - 2016-02-08 18:09 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454951369
2016-03-04 11:42 - 2016-02-08 18:08 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-28 19:48 - 2014-11-13 17:58 - 00000000 ____D C:\Program Files\CCleaner
2016-02-22 20:16 - 2014-01-02 21:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-19 00:55 - 2014-04-22 17:25 - 04509363 ____H C:\Users\Administrator.kEjs-PC\AppData\Local\IconCache.db.backup
2016-02-13 16:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2014-04-15 15:14 - 2010-04-07 14:08 - 0076351 _____ () C:\Program Files (x86)\Photoshop CS5 Read Me.pdf
2014-05-07 20:42 - 2015-10-10 21:52 - 0006144 ____H () C:\Users\Administrator.kEjs-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-07 18:45 - 2014-01-07 18:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Administrator.kEjs-PC\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_182_pepper.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500Core.job => C:\Users\Administrator.kEjs-PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-703323477-901136438-3501750363-500UA.job => C:\Users\Administrator.kEjs-PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Administrator.kEjs-PC\Desktop" je 163 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Redirecting in browsers

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [AdobeBridge] => [X]
AutoConfigURL: [S-1-5-21-703323477-901136438-3501750363-500] => hxxp://unstopp.me/wpad.dat?35014cb3a768 ... d104889644
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 alb2yz7k; C:\Windows\System32\Drivers\alb2yz7k.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks\AutoKMS
C:\Users\Administrator.kEjs-PC\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

PadiseK
Model visitor
Posts: 69
Joined: 22 Jul 2009 07:57

Re: Redirecting in browsers

#7 Post by PadiseK »

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Administrator (2016-03-14 21:35:21) Run:1
Running from C:\Users\Administrator.kEjs-PC\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-703323477-901136438-3501750363-500\...\Run: [AdobeBridge] => [X]
AutoConfigURL: [S-1-5-21-703323477-901136438-3501750363-500] => hxxp://unstopp.me/wpad.dat?35014cb3a768 ... d104889644
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 alb2yz7k; C:\Windows\System32\Drivers\alb2yz7k.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks\AutoKMS
C:\Users\Administrator.kEjs-PC\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-703323477-901136438-3501750363-500\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-703323477-901136438-3501750363-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
alb2yz7k => service removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully

"C:\Users\Administrator.kEjs-PC\AppData\Local\Temp" folder move:

Could not move "C:\Users\Administrator.kEjs-PC\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-14 21:37:19)

C:\Users\Administrator.kEjs-PC\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:37:19 ====

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Redirecting in browsers

#8 Post by Rudy »

Deleted. Has anything changed?

PadiseK
Model visitor
Posts: 69
Joined: 22 Jul 2009 07:57

Re: Redirecting in browsers

#9 Post by PadiseK »

Great, solved. Thank you very much :)

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Redirecting in browsers

#10 Post by Rudy »

You're welcome! :)

Locked