PC virus removal, computer speed-up, remote help via the neslape.cz service

RSA 4096 Ransomware Description

Having a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
kolemjdouci
Guest
Posts: 9
Registered: 14 Apr 2016 15:13

RSA 4096 Ransomware Description

#1 Post by kolemjdouci »

Hello everyone!
I'm asking for advice. I was fixing up my girlfriend's PC. She had a horribly cluttered Vista on it and I wanted to put Win7 on it. Unfortunately I didn't delete the logical volume and recreate it, I only formatted it before the actual installation. So that swine RSA 4096 Ransomware Description stayed in the boot partition. I know that in her case I can't rescue the encrypted data without paying. (If I'm mistaken, please correct me!)
So I just have a question: could you please take a look at this log for me, in case I have that swine on my own PC too:
Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:09, on 14.4.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Petr\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mylumia.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{E3A5A~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{E3A5A~1\reboot.ini
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [Bose Updater] "C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 0516352997
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A9041C8-6B35-4684-8844-DB2EECC54D6F}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: bw+0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw+0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw-0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw-0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw00 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw00s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw10 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw10s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw20 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw20s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw30 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw30s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw40 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw40s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw50 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw50s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw60 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw60s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw70 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw70s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw80 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw80s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw90 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bw90s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwa0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwa0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwb0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwb0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwc0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwc0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwd0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwd0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwe0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwe0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwf0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwf0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwg0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwg0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwh0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwh0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwi0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwi0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwj0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwj0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwk0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwk0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwl0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwl0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwm0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwm0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwn0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwn0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwo0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwo0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwp0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwp0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwq0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwq0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwr0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwr0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bws0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bws0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwt0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwt0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwu0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwu0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwv0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwv0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bww0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bww0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwx0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwx0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwy0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwy0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwz0 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: bwz0s - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O18 - Protocol: offline-8876480 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)
O23 - Service: NPVR Recording Service - Unknown owner - C:\Program Files (x86)\NPVR\NRecord.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17106 bytes

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096 Ransomware Description

#2 Post by Rudy »

Hello!
I can clean your PC for you, but not decrypt the data; that requires direct access to the PC, which we have no legal arrangement for. For that, turn here: https://neslape.cz/?utm_campaign=neslap ... ium=banner

Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it stays inactive for more than 14 days. If you want the thread reactivated, write to the e-mail given above.

kolemjdouci
Guest
Posts: 9
Registered: 14 Apr 2016 15:13

Re: RSA 4096 Ransomware Description

#3 Post by kolemjdouci »

Thank you very much for the reply. Your colleague and I have already dealt fully with the encryption problem. Unfortunately it was the most advanced 6th generation, so recovery is hopeless.
So here is the output; thank you very much for helping me now:

# AdwCleaner v5.111 - Log soubor vytvořen 14/04/2016 o 22:00:41
# Aktualizováno 14/04/2016 by Xplode
# Databáze : 2016-04-11.4 [Server]
# Operační systém : Windows 7 Ultimate Service Pack 1 (X64)
# Jméno uživatele : Petr - PETR-PC
# Spuštěno z : C:\Users\Petr\Desktop\adwcleaner_5.111.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\Program Files (x86)\GreenTree Applications
[-] Složka smazáno : C:\Program Files (x86)\myfree codec
[-] Složka smazáno : C:\ProgramData\IBUpdaterService
[-] Složka smazáno : C:\ProgramData\Systweak
[-] Složka smazáno : C:\ProgramData\Tarma Installer
[-] Složka smazáno : C:\ProgramData\ytd video downloader
[#] Složka smazáno : C:\ProgramData\Application Data\IBUpdaterService
[#] Složka smazáno : C:\ProgramData\Application Data\Systweak
[#] Složka smazáno : C:\ProgramData\Application Data\Tarma Installer
[#] Složka smazáno : C:\ProgramData\Application Data\ytd video downloader
[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Složka smazáno : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon
[-] Složka smazáno : C:\Users\Petr\AppData\Roaming\PerformerSoft
[-] Složka smazáno : C:\Users\Petr\AppData\Roaming\SpeedanAlysis
[-] Složka smazáno : C:\Users\Petr\AppData\Roaming\Systweak

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\Petr\AppData\Roaming\speedanalysis.ico
[-] Soubor smazáno : C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\YTD Video Downloader.lnk
[-] Soubor smazáno : C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YTD Video Downloader.lnk
[-] Soubor smazáno : C:\Users\Public\Desktop\YTD Video Downloader.lnk
[-] Soubor smazáno : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
[-] Hodnota smazáno : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
[-] Hodnota smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
[-] Klávesa smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\TypeLib\{05E242CB-338E-4A4F-A726-80BAB386D079}
[-] Klávesa smazáno : HKCU\Software\APN PIP
[-] Klávesa smazáno : HKCU\Software\filescout
[-] Klávesa smazáno : HKCU\Software\Myfree Codec
[-] Klávesa smazáno : HKCU\Software\performersoft llc
[-] Klávesa smazáno : HKLM\SOFTWARE\Myfree Codec
[-] Klávesa smazáno : HKLM\SOFTWARE\PIP
[-] Klávesa smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Klávesa smazáno : [x64] HKLM\SOFTWARE\Speedchecker Limited
[-] Klávesa smazáno : HKU\.DEFAULT\Software\IBUpdaterService
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1412637128-1742022395-2623691983-1000\Software\Headlight

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno
:: Chrome preferences reset : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4473 bytes] - [14/04/2016 22:00:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [4820 bytes] - [14/04/2016 21:54:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4619 bytes] ##########

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096 Ransomware Description

#4 Post by Rudy »


kolemjdouci
Guest
Posts: 9
Registered: 14 Apr 2016 15:13

Re: RSA 4096 Ransomware Description

#5 Post by kolemjdouci »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Petr (administrator) on PETR-PC (14-04-2016 22:23:21)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlsInterface.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Bose Corporation) C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\ehome\ehshell.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\...\Run: [Bose Updater] => C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE [1194752 2016-03-15] (Bose Corporation)
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-12-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk [2012-05-19]
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe ()
BootExecute: autocheck autochk * sasnative64sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2010-11-20] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2015-04-05] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-14] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0865B76A-4330-47E3-977F-58FDE8819619}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9A9041C8-6B35-4684-8844-DB2EECC54D6F}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylumia.cz/
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-14] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-14] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1430516352997
Handler: bw+0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw+0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw-0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw-0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw00 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw00s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw10 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw10s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw20 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw20s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw30 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw30s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw40 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw40s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw50 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw50s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw60 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw60s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw70 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw70s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw80 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw80s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw90 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw90s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwa0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwa0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwb0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwb0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwc0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwc0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwd0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwd0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwe0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwe0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwf0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwf0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwg0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwg0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwh0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwh0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwi0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwi0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwj0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwj0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwk0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwk0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwl0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwl0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwm0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwm0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwn0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwn0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwo0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwo0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwp0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwp0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwq0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwq0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwr0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwr0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bws0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bws0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwt0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwt0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwu0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwu0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwv0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwv0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bww0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bww0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwx0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwx0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwy0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwy0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwz0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwz0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: offline-8876480 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - No File

FireFox:
========
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0bvmylte.default-1388624913426
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2012-06-06] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-1412637128-1742022395-2623691983-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Petr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1412637128-1742022395-2623691983-1000: @talk.google.com/O1DPlugin -> C:\Users\Petr\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1412637128-1742022395-2623691983-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Petr\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1412637128-1742022395-2623691983-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Petr\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2004-12-14] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Petr\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Petr\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-12] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (Google Drive) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-10-02] (Adobe Systems) [File not signed]
R2 astcc; C:\Windows\SysWOW64\ASTSRV.exe [57344 2008-01-07] (Nalpeiron Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521440 2016-02-22] (ESET)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 nlscc; C:\Windows\system32\nlsInterface.exe [72192 2009-04-03] (Nalpeiron Ltd.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-04-14] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 NPVR Recording Service; "C:\Program Files (x86)\NPVR\NRecord.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerAF35; C:\Windows\System32\Drivers\HPAF35.sys [805632 2012-02-09] (Hewlett-Packard)
S3 DrvSnSht; C:\Program Files (x86)\R-Drive Image\DrvSnSht64.sys [132432 2010-06-01] (R-TT Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-02-09] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-02-09] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-02-09] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-02-09] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53384 2016-02-09] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-02-09] (ESET)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-04-14] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-14] ()
R3 HPIR; C:\Windows\System32\DRIVERS\HPIR.sys [93184 2009-11-16] (Hewlett-Packard)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () [File not signed]
S3 MAYA44; C:\Windows\System32\Drivers\Maya44.sys [445136 2013-01-10] (Audiotrack)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2006-01-19] (Padus, Inc.) [File not signed]
S3 pgusbmme; C:\Windows\System32\drivers\pgusbmm3.sys [54992 2013-01-10] (usb-audio.de)
S3 R-ImageDisk; C:\Program Files (x86)\R-Drive Image\R-ImageDisk64.sys [186832 2010-06-12] (R-TT Inc.)
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [73552 2012-11-29] (Dataram, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-05-20] (Duplex Secure Ltd.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 22:23 - 2016-04-14 22:23 - 00024576 _____ C:\Users\Petr\Desktop\FRST.txt
2016-04-14 22:22 - 2016-04-14 22:23 - 00000000 ____D C:\FRST
2016-04-14 22:18 - 2016-04-14 22:17 - 02375168 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2016-04-14 21:51 - 2016-04-14 22:00 - 00000000 ____D C:\AdwCleaner
2016-04-14 21:51 - 2016-04-14 21:50 - 03670016 _____ C:\Users\Petr\Desktop\adwcleaner_5.111.exe
2016-04-14 17:41 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-04-14 17:41 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-04-14 17:41 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-04-14 17:41 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-04-14 17:41 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-04-14 17:41 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-04-14 17:41 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-04-14 17:41 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-04-14 17:06 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-04-14 17:06 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-04-14 16:58 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-04-14 16:58 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-04-14 16:06 - 2016-04-14 16:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Petr\Downloads\hijackthis.exe
2016-04-14 14:23 - 2016-04-14 14:23 - 00001987 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-04-14 14:23 - 2016-04-14 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-04-14 14:23 - 2016-04-14 14:23 - 00000000 ____D C:\ProgramData\ESET
2016-04-14 14:23 - 2016-04-14 14:23 - 00000000 ____D C:\Program Files\ESET
2016-04-14 13:14 - 2016-04-14 13:14 - 00020592 _____ C:\ComboFix.txt
2016-04-14 13:00 - 2016-04-14 13:01 - 00133494 _____ C:\Users\Petr\Documents\cc_20160414_130056.reg
2016-04-14 12:57 - 2014-04-30 18:57 - 00000167 _____ C:\Windows\system32\Drivers\etc\hosts.20160414-125721.backup
2016-04-14 12:07 - 2016-04-14 12:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-14 11:24 - 2016-04-14 11:24 - 00000000 _____ C:\autoexec.bat
2016-04-14 11:23 - 2016-04-14 11:23 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-04-14 11:23 - 2016-04-14 11:23 - 00001047 _____ C:\Users\Petr\Desktop\SpyHunter.lnk
2016-04-14 11:23 - 2016-04-14 11:23 - 00000000 ____D C:\Users\Petr\AppData\Roaming\www.shadowexplorer.com
2016-04-14 11:23 - 2016-04-14 11:23 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Enigma Software Group
2016-04-14 11:23 - 2016-04-14 11:23 - 00000000 ____D C:\sh4ldr
2016-04-14 11:22 - 2016-04-14 11:22 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-14 11:22 - 2016-04-14 11:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-04-13 00:22 - 2016-04-13 00:24 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Sony
2016-04-13 00:22 - 2016-04-13 00:22 - 00000000 ____D C:\ProgramData\Sony
2016-04-13 00:21 - 2016-04-13 00:39 - 00000342 _____ C:\Users\Petr\Desktop\lamedropXPd.ini
2016-04-13 00:21 - 2016-04-13 00:21 - 01167872 _____ C:\Users\Petr\Desktop\lamedropXPd3.exe
2016-03-25 17:18 - 2016-03-25 17:18 - 00000132 _____ C:\Users\Petr\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
2016-03-20 19:24 - 2016-03-20 19:32 - 00000000 ____D C:\Users\Petr\Desktop\Nová složka
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-15 19:26 - 2016-03-15 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-15 14:05 - 2016-03-15 14:05 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2016-03-15 12:08 - 2016-03-15 12:08 - 00000000 ____D C:\Program Files (x86)\Bose Updater
2016-03-15 11:49 - 2008-12-22 17:05 - 00070696 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwsecfl.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 22:21 - 2009-07-14 06:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-14 22:21 - 2009-07-14 06:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-14 22:12 - 2015-12-26 20:01 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412637128-1742022395-2623691983-1000UA.job
2016-04-14 22:08 - 2009-07-14 17:18 - 00669116 _____ C:\Windows\system32\perfh005.dat
2016-04-14 22:08 - 2009-07-14 17:18 - 00141744 _____ C:\Windows\system32\perfc005.dat
2016-04-14 22:08 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-14 22:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-14 22:04 - 2012-05-19 13:26 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-14 22:02 - 2013-01-25 01:00 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 22:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-14 22:00 - 2013-01-25 01:00 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 21:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-14 21:17 - 2015-04-05 14:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-14 21:17 - 2015-04-05 14:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-14 21:17 - 2012-05-19 12:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-14 19:02 - 2014-05-17 15:24 - 01560204 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-14 18:53 - 2015-04-05 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-14 18:43 - 2015-04-05 14:32 - 00000000 ____D C:\Windows\system32\MRT
2016-04-14 18:39 - 2012-05-30 00:01 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-14 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-14 16:03 - 2012-05-20 17:14 - 00000000 ____D C:\Users\Petr\AppData\Local\ElevatedDiagnostics
2016-04-14 16:00 - 2013-09-16 22:44 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Naked Note Software
2016-04-14 16:00 - 2013-09-16 22:43 - 00000000 ____D C:\Wav-2-Midi
2016-04-14 16:00 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-04-14 15:56 - 2013-04-08 18:54 - 00000000 ____D C:\Program Files (x86)\MP3 Skype Recorder
2016-04-14 15:56 - 2013-01-07 23:32 - 00000000 ____D C:\Users\Public\NPVR
2016-04-14 15:50 - 2013-01-23 14:16 - 00000000 ____D C:\Program Files (x86)\AntiTwin
2016-04-14 15:49 - 2012-05-19 16:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-14 14:43 - 2012-05-23 22:19 - 00000000 ____D C:\temp
2016-04-14 14:24 - 2013-05-03 20:07 - 00000000 ____D C:\Users\Petr\AppData\Local\ESET
2016-04-14 14:21 - 2013-03-03 23:28 - 00001912 _____ C:\Windows\epplauncher.mif
2016-04-14 13:18 - 2012-05-19 15:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-14 13:14 - 2013-12-26 00:16 - 00000000 ____D C:\Qoobox
2016-04-14 13:12 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-04-14 13:07 - 2013-05-12 20:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-14 12:57 - 2014-03-30 23:12 - 00000000 ____D C:\Users\Petr\AppData\Roaming\MPC-HC
2016-04-14 12:57 - 2012-06-07 21:04 - 00000000 ____D C:\Users\Petr\AppData\Roaming\TeamViewer
2016-04-14 12:57 - 2012-05-26 00:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-14 12:56 - 2015-09-22 23:29 - 00000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2016-04-14 12:56 - 2012-05-19 12:40 - 00000000 ____D C:\Windows\Panther
2016-04-14 12:50 - 2014-10-18 10:52 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-14 12:07 - 2015-12-28 11:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-14 11:57 - 2015-04-09 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-14 11:23 - 2012-05-19 11:45 - 00000000 ____D C:\Users\Petr
2016-04-14 10:59 - 2009-07-14 07:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-14 10:58 - 2014-07-13 12:06 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1405245997
2016-04-14 10:58 - 2014-07-13 12:06 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-13 00:22 - 2015-12-24 18:49 - 00000000 ____D C:\Users\Petr\AppData\Local\Sony
2016-04-12 21:12 - 2015-12-26 20:01 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412637128-1742022395-2623691983-1000Core.job
2016-04-11 23:10 - 2012-05-19 13:35 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForPetr
2016-04-11 23:10 - 2012-05-19 13:35 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForPetr.job
2016-04-10 22:04 - 2012-05-19 13:26 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-10 22:04 - 2012-05-19 13:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-10 22:04 - 2012-05-19 13:26 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-10 22:02 - 2013-05-29 02:04 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 22:02 - 2013-05-29 02:04 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-10 21:53 - 2015-04-05 08:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-04-08 10:20 - 2015-04-05 19:04 - 00000000 ____D C:\Users\Petr\AppData\Roaming\vlc
2016-04-07 10:15 - 2012-05-20 17:22 - 00000952 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2016-03-25 22:08 - 2014-12-29 00:34 - 00002020 _____ C:\Users\Petr\Desktop\WYSIWYG Web Builder 9.lnk
2016-03-25 22:08 - 2014-12-29 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WYSIWYG Web Builder 9
2016-03-25 22:08 - 2014-12-29 00:34 - 00000000 ____D C:\Program Files (x86)\WYSIWYG Web Builder 9
2016-03-15 20:38 - 2012-05-23 20:18 - 00000000 ____D C:\Users\Petr\AppData\Roaming\Skype
2016-03-15 19:26 - 2014-11-18 22:04 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-15 19:26 - 2014-11-18 22:04 - 00000000 ____D C:\Users\Petr\AppData\Local\Skype
2016-03-15 19:26 - 2012-05-23 20:18 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-03-25 17:18 - 2016-03-25 17:18 - 0000132 _____ () C:\Users\Petr\AppData\Roaming\Adobe Formát BMP CS5 – předvolby
2012-07-29 22:43 - 2013-06-27 22:57 - 0000132 _____ () C:\Users\Petr\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2012-05-26 10:28 - 2015-12-24 01:58 - 0000132 _____ () C:\Users\Petr\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2012-07-06 17:01 - 2015-06-17 22:52 - 0001480 _____ () C:\Users\Petr\AppData\Local\Adobe Uložit pro web 12.0 Prefs
2014-03-31 00:28 - 2014-04-05 15:10 - 0005632 _____ () C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-27 21:31 - 2013-08-27 21:31 - 0004096 ____H () C:\Users\Petr\AppData\Local\keyfile3.drm
2015-01-14 00:14 - 2015-01-14 00:14 - 0000017 _____ () C:\Users\Petr\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Petr\AppData\Local\Temp\libeay32.dll
C:\Users\Petr\AppData\Local\Temp\msvcr120.dll
C:\Users\Petr\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-07 12:33

==================== End of FRST.txt ============================
Attachments
Addition.zip
(14.41 KiB) Downloaded 40 times
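The log above is read the way FRST helpers read it: the lines that matter are the ones FRST itself marks with ATTENTION (the six Winsock entries whose LibraryPath is an absolute SysWOW64 path instead of "%SystemRoot%\system32\...", and the two Internet Explorer policy Restriction keys), orphaned registry entries ("Handler: ... - No File", services and drivers ending in "[X]"), binaries FRST reports as "[File not signed]", and a per-interface static NameServer list that differs from the DHCP-assigned 192.168.0.1. The following Python script is an added example, not code from the forum post, the moderator, or FRST; it pulls exactly those entries out of FRST.txt-style lines so they can be copied under the Start line of a fixlist the way the moderator's reply does. The Finding type, the category names and the static-DNS heuristic are this example's own (public resolvers are not proof of tampering, only something to confirm with the user), and the sample lines are a constructed subset in the format of the log on this page.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example; not code from the forum post, the moderator, or FRST itself.
It collects the entries a helper reviews before writing a fixlist:
  * lines FRST marks with ATTENTION (Winsock LibraryPath, IE policy keys),
  * orphaned entries: "Handler: ... - No File" and services/drivers "[X]",
  * services/drivers FRST reports as "[File not signed]",
  * static NameServer entries that differ from the DHCP resolver (heuristic).
Category names, the Finding type and the sample below are this example's own.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    category: str   # this example's own label, not an FRST term
    line: str       # original log line, ready to copy into a fixlist
    note: str       # why it was flagged


# Constructed sample in FRST.txt format (abridged subset of the log above).
SAMPLE_LINES = [
    r'Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2010-11-20] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"',
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.0.1",
    r"Tcpip\..\Interfaces\{0865B76A-4330-47E3-977F-58FDE8819619}: [DhcpNameServer] 192.168.0.1",
    r"Tcpip\..\Interfaces\{9A9041C8-6B35-4684-8844-DB2EECC54D6F}: [NameServer] 8.8.8.8,8.8.4.4,208.67.222.222",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION",
    r"Handler: bw+0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File",
    r"Handler: offline-8876480 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - No File",
    r"R2 astcc; C:\Windows\SysWOW64\ASTSRV.exe [57344 2008-01-07] (Nalpeiron Ltd.) [File not signed]",
    r"R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521440 2016-02-22] (ESET)",
    r"S3 catchme; \??\C:\ComboFix\catchme.sys [X]",
    r'S2 NPVR Recording Service; "C:\Program Files (x86)\NPVR\NRecord.exe" [X]',
    r"C:\Windows\system32\winlogon.exe => File is digitally signed",
]

# "R2 name; path [size date] (vendor) [flags]" (R = running, S = stopped, U = unknown)
SERVICE_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "Tcpip\Parameters: [DhcpNameServer] a.b.c.d" and the per-interface variant
DNS_RE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\\{[0-9A-Fa-f-]+\}): "
    r"\[(?P<kind>DhcpNameServer|NameServer)\] (?P<servers>[\d.,]+)$"
)


def triage(lines):
    """Return the Findings for an iterable of FRST.txt lines, in log order
    (static-DNS findings last, because they need the DHCP lines first)."""
    findings = []
    dhcp_servers = set()
    static_entries = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if "ATTENTION" in line:
            findings.append(Finding("frst-attention", line, "flagged by FRST itself"))
        if line.startswith("Handler:") and line.endswith("- No File"):
            findings.append(Finding("orphan-handler", line,
                                    "protocol handler CLSID with no backing file"))
        if SERVICE_RE.match(line):
            if line.endswith("[X]"):
                findings.append(Finding("orphan-service", line,
                                        "service/driver registered but binary missing"))
            elif "[File not signed]" in line:
                state = "running" if line.startswith("R") else "stopped"
                findings.append(Finding("unsigned-binary", line,
                                        f"{state} service/driver with unsigned binary"))
        m = DNS_RE.match(line)
        if m:
            servers = m["servers"].split(",")
            if m["kind"] == "DhcpNameServer":
                dhcp_servers.update(servers)
            else:
                static_entries.append((line, servers))
    for line, servers in static_entries:
        extra = [s for s in servers if s not in dhcp_servers]
        if extra:
            findings.append(Finding("static-dns", line,
                                    "static resolvers not from DHCP: " + ",".join(extra)))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


def candidate_fixlist(findings):
    """Unique flagged lines in log order, to paste under a fixlist's Start line."""
    return list(dict.fromkeys(f.line for f in findings))


if __name__ == "__main__":
    # Hypothetical usage: python frst_triage.py FRST.txt (falls back to the sample).
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            found = triage(fh)
    else:
        found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.category}] {f.note}\n    {f.line}")
    print(summarize(found))
```

Against the sample it reports two ATTENTION lines, two orphaned handlers, two services with a missing binary, one unsigned running service and one static DNS list; the ESET service and the signed winlogon.exe line are not flagged. The output is only a candidate list: whether an entry belongs in the fixlist is still the helper's call (the "[X]" NPVR entry, for example, is a leftover of an uninstalled program, not malware).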

kolemjdouci
Visitor
Posts: 9
Registered: 14 Apr 2016 15:13

Re: RSA 4096 Ransomware Description

#6 Post by kolemjdouci »

Why does Firefox keep telling me: affiliate.heureka.cz - Untrusted certificate? NOD reports it to me. Thanks! I'd rather mention it; I always block it.

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096 Ransomware Description

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: bw+0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw+0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw-0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw-0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw00 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw00s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw10 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw10s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw20 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw20s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw30 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw30s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw40 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw40s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw50 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw50s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw60 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw60s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw70 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw70s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw80 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw80s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw90 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw90s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwa0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwa0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwb0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwb0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwc0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwc0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwd0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwd0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwe0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwe0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwf0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwf0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwg0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwg0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwh0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwh0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwi0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwi0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwj0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwj0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwk0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwk0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwl0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwl0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwm0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwm0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwn0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwn0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwo0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwo0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwp0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwp0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwq0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwq0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwr0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwr0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bws0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bws0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwt0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwt0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwu0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwu0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwv0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwv0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bww0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bww0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwx0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwx0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwy0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwy0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwz0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwz0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: offline-8876480 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412637128-1742022395-2623691983-1000Core.job
C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Petr\AppData\Local\Temp
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:638E6F6B [130]
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
AlternateDataStreams: C:\ProgramData\TEMP:8E7C96FD [181]
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

The untrusted certificate is probably because it was not verified. As for danger, I would not worry; heureka.cz itself is a trustworthy site. If you had a different antivirus, it would certainly not report anything.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus may damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

kolemjdouci
Guest
Posts: 9
Joined: 14 Apr 2016 15:13

Re: RSA 4096 Ransomware Description

#8 Post by kolemjdouci »

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Petr (2016-04-15 18:56:30) Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: bw+0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw+0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw-0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw-0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw00 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw00s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw10 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw10s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw20 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw20s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw30 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw30s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw40 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw40s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw50 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw50s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw60 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw60s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw70 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw70s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw80 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw80s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw90 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bw90s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwa0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwa0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwb0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwb0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwc0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwc0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwd0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwd0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwe0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwe0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwf0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwf0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwg0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwg0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwh0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwh0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwi0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwi0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwj0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwj0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwk0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwk0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwl0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwl0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwm0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwm0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwn0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwn0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwo0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwo0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwp0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwp0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwq0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwq0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwr0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwr0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bws0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bws0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwt0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwt0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwu0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwu0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwv0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwv0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bww0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bww0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwx0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwx0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwy0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwy0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwz0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: bwz0s - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
Handler: offline-8876480 - {E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412637128-1742022395-2623691983-1000Core.job
C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Petr\AppData\Local\Temp
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:638E6F6B [130]
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
AlternateDataStreams: C:\ProgramData\TEMP:8E7C96FD [181]
End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1412637128-1742022395-2623691983-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKCR\PROTOCOLS\Handler\bw+0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw+0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw-0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw-0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw00" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw00s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw10" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw10s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw20" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw20s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw30" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw30s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw40" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw40s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw50" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw50s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw60" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw60s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw70" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw70s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw80" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw80s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw90" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bw90s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwa0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwa0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwb0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwb0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwc0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwc0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwd0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwd0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwe0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwe0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwf0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwf0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwg0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwg0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwh0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwh0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwi0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwi0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwj0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwj0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwk0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwk0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwl0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwl0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwm0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwm0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwn0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwn0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwo0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwo0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwp0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwp0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwq0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwq0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwr0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwr0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bws0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bws0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwt0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwt0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwu0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwu0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwv0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwv0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bww0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bww0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwx0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwx0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwy0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwy0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwz0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\bwz0s" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
"HKCR\PROTOCOLS\Handler\offline-8876480" => key removed successfully
HKCR\CLSID\{E9EC13B0-DD6B-4004-AEB5-C70C2D2A1174} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412637128-1742022395-2623691983-1000Core.job => moved successfully
C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Petr\AppData\Local\Temp" folder move:

Could not move "C:\Users\Petr\AppData\Local\Temp" => Scheduled to move on reboot.

"C:\Windows" => ":AstInfo" ADS not found.
"C:\Windows" => ":nlsPreferences" ADS not found.
C:\ProgramData\TEMP => ":638E6F6B" ADS removed successfully.
C:\ProgramData\TEMP => ":888AFB86" ADS removed successfully.
C:\ProgramData\TEMP => ":8E7C96FD" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-15 18:58:13)

C:\Users\Petr\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:58:13 ====
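The fixlist in post #7 and the Fixlog in post #8 above follow a fixed line shape: every item FRST acted on is echoed as `<target> => <outcome>`. When a fix runs over dozens of entries (here, one CLSID reference per protocol handler), the items that matter are the ones that were *not* removed, because they point at stale references or at a move that only completes after reboot. The script below is an added example written for this thread; it is not part of FRST or of the forum's own tooling. It parses a constructed Fixlog excerpt modelled on the one posted above and counts outcomes; the outcome labels and the regular expressions are this script's own assumptions about FRST's output format, not a documented grammar.

```python
"""Summarize the result section of an FRST Fixlog (added example, not FRST code)."""
import re
from collections import Counter

# Line shapes observed in FRST Fixlogs. Order matters: the first match wins.
# These are an assumption about FRST's output, not a documented grammar.
_PATTERNS = [
    ("removed",       re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?:key|value) removed successfully')),
    ("not_found",     re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*key not found\.?$')),
    ("moved",         re.compile(r'^(?P<target>.+?)\s*=>\s*moved successfully$')),
    ("scheduled",     re.compile(r'^Could not move "(?P<target>.+?)"\s*=>\s*Scheduled to move on reboot\.?$')),
    ("ads_removed",   re.compile(r'^(?P<target>.+?)\s*=>\s*"(?P<stream>:[^"]+)" ADS removed successfully\.?$')),
    ("ads_not_found", re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*"(?P<stream>:[^"]+)" ADS not found\.?$')),
]

# Constructed excerpt in the shape of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Petr (2016-04-15 18:56:30) Run:1
==============================================

fixlist content:
*****************
Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: bw+0 - {e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} - No File
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Petr\AppData\Local\Temp
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\TEMP:638E6F6B [130]
End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKCR\PROTOCOLS\Handler\bw+0" => key removed successfully
HKCR\CLSID\{e9ec13b0-dd6b-4004-aeb5-c70c2d2a1174} => key not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully

"C:\Users\Petr\AppData\Local\Temp" folder move:

Could not move "C:\Users\Petr\AppData\Local\Temp" => Scheduled to move on reboot.

"C:\Windows" => ":AstInfo" ADS not found.
C:\ProgramData\TEMP => ":638E6F6B" ADS removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-15 18:58:13)

C:\Users\Petr\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:58:13 ====
'''


def _result_section(text):
    """Return the lines after the echoed fixlist (the last all-asterisk line).

    FRST repeats the fixlist between two lines of asterisks before printing
    the per-item results; the echo itself must not be parsed as results.
    """
    lines = text.splitlines()
    marks = [i for i, ln in enumerate(lines) if ln.strip() and set(ln.strip()) == {"*"}]
    return lines[marks[-1] + 1:] if marks else lines


def parse_fixlog(text):
    """Turn each '<target> => <outcome>' result line into a dict."""
    entries = []
    for raw in _result_section(text):
        line = raw.strip()
        if not line or "=>" not in line:
            continue  # headers, blank lines and the "folder move:" banner
        for outcome, pat in _PATTERNS:
            m = pat.match(line)
            if m:
                entry = {"outcome": outcome, "target": m.group("target")}
                if "stream" in m.groupdict():
                    entry["stream"] = m.group("stream")
                entries.append(entry)
                break
        else:
            # A result line in a shape this script does not know: surface it.
            entries.append({"outcome": "unparsed", "target": line})
    return entries


def summarize(entries):
    """Count outcomes and list the targets that deserve a second look."""
    counts = Counter(e["outcome"] for e in entries)
    # "not found" means the fixlist referenced something already gone (a stale
    # reference); "scheduled" only completes after reboot; "unparsed" is unknown.
    followup = [e["target"] for e in entries
                if e["outcome"] in ("not_found", "ads_not_found", "scheduled", "unparsed")]
    return {"counts": dict(counts), "followup": followup}


if __name__ == "__main__":
    report = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for outcome, n in sorted(report["counts"].items()):
        print(f"{outcome:14s} {n}")
    print("follow up:", *report["followup"], sep="\n  ")
```

In the thread above the same CLSID `{e9ec13b0-...}` comes back as "key not found" once per handler entry, which is exactly the pattern of stale protocol-handler references rather than a live component; a summary like this makes that visible at a glance instead of reading 150 near-identical lines.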

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096 Ransomware Description

#9 Post by Rudy »

Deleted; the log should be OK now.

kolemjdouci
Guest
Posts: 9
Joined: 14 Apr 2016 15:13

Re: RSA 4096 Ransomware Description

#10 Post by kolemjdouci »

Good evening! Out of fear of ransomware I installed SpyHunter, and it keeps showing me this, see the attachment.
Does this not threaten me at the moment? Isn't SpyHunter just oversensitive?
Thank you very much for your help!
Attachments
spyhunter.png
spyhunter.png (31.86 KiB) Viewed 1998 times

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096 Ransomware Description

#11 Post by Rudy »

They are mostly adware; you can delete them. There is no ransomware among them. To be sure, run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

kolemjdouci
Guest
Posts: 9
Joined: 14 Apr 2016 15:13

Re: RSA 4096 Ransomware Description

#12 Post by kolemjdouci »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 16.4.2016
Čas skenování: 3:32
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.04.15.06
Databáze rootkitů: v2016.04.09.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Petr

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 411138
Uplynulý čas: 5 min, 30 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 5
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\mz, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\skin, , [3ce686294257231301d932f0a55ed12f],

Soubory: 22
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome.manifest, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\install.rdf, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\background.html, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\bg.js, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\button.xml, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\config.js, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\content.js, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\framework.js, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\framework.xul, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\icon128.png, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\icon16.png, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\icon24.ico, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\icon24.png, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\icon32.ico, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\icon32.png, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\icon48.png, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\jquery-1.6.2.min.js, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\options.xul, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\settings.json, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\mz\background.js, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\content\mz\content.js, , [3ce686294257231301d932f0a55ed12f],
PUP.Optional.SpeedAnalysis, C:\Users\Petr\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com\chrome\skin\framework.css, , [3ce686294257231301d932f0a55ed12f],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096 Ransomware Description

#13 Post by Rudy »

Delete all the findings.

kolemjdouci
Guest
Posts: 9
Joined: 14 Apr 2016 15:13

Re: RSA 4096 Ransomware Description

#14 Post by kolemjdouci »

Thank you! SpyHunter stays exactly the same; it is probably really oversensitive and I won't deal with it any more. You see it the same way, right?

Rudy
Site Admin
Posts: 119673
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: RSA 4096 Ransomware Description

#15 Post by Rudy »

Pretty much. For this reason we don't really recommend SpyHunter to users.

Locked