FRST log check

Endru-x
Visitor
Posts: 40
Registered: 22 Aug 2009 21:39

#1 Post by Endru-x »

Hello, please check my log.
For about a week, svchost.exe has been loading the CPU at 25%. For quite a while I have not updated Win7 with the regular updates.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by OK (administrator) on OK-PC (16-12-2016 22:27:34)
Running from C:\Users\OK\Desktop
Loaded Profiles: OK (Available Profiles: OK)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Users\OK\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmW.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
() C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\OK\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2015-06-12] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LauncherM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2587056 2012-09-13] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [M200DN RUN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [362928 2012-09-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAutoRunM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [4277680 2012-09-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\OK\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\OK\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0CD86CF3-0731-4622-94A0-61643C7E7232}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{6F27A656-B3C0-4291-9D6B-45BF6A3A8319}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B40E6728-1BED-4D74-98BE-0E0FC1363BDF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C757C2EE-8B36-481F-9C05-5A5B9EC29591}: [NameServer] 93.153.117.33 93.153.117.1

Internet Explorer:
==================
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default [2016-12-16]
FF Homepage: Mozilla\Firefox\Profiles\46vdldxe.default -> http://www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Seznam lištička) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-12-06]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1580811761-2930735587-3654941813-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2013-01-30] (Acresso Software Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1246112 2015-06-03] (Intel® Corporation)
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-10] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-06-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [137648 2012-09-13] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-11-25] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-01-19] (Broadcom Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-09-15] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-12-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-12-10] (ESET)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [32768 2010-10-08] (Huawei Tech. Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-09-30] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-08-04] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-09-15] (Duplex Secure Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
U3 al2uaci6; C:\Windows\System32\Drivers\al2uaci6.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 22:27 - 2016-12-16 22:28 - 00028091 _____ C:\Users\OK\Desktop\FRST.txt
2016-12-16 22:27 - 2016-12-16 22:27 - 00000000 ____D C:\FRST
2016-12-16 22:25 - 2016-12-16 22:26 - 00112640 _____ (forum.viry.cz) C:\Users\OK\Desktop\FRSTLauncher.exe
2016-12-16 22:25 - 2016-12-16 22:25 - 02420224 _____ (Farbar) C:\Users\OK\Desktop\FRST64.exe
2016-12-16 08:09 - 2016-12-16 08:09 - 00000000 ___HT C:\Windows\wusa.lock
2016-12-16 08:09 - 2016-12-16 08:09 - 00000000 ____D C:\10db5ab6dfac70bf62
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Users\OK\AppData\Roaming\Jpeg Resampler
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jpeg Resampler 2010
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Program Files (x86)\JpegResampler2010
2016-12-08 20:25 - 2016-12-08 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-12-06 08:08 - 2016-12-16 07:43 - 00000000 ____D C:\Users\OK\AppData\Roaming\Seznam.cz
2016-12-06 08:08 - 2016-12-06 08:08 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-12-06 08:07 - 2016-12-06 08:07 - 00001094 _____ C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00001064 _____ C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Users\OK\Documents\My PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\PlotSoft
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-11-27 20:12 - 2016-12-13 05:45 - 00000000 ____D C:\Users\OK\AppData\Roaming\hubiC
2016-11-27 20:11 - 2016-11-27 20:11 - 00000973 _____ C:\Users\Public\Desktop\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000000 ____D C:\Program Files\OVH
2016-11-24 06:00 - 2016-12-03 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-11-22 15:07 - 2016-11-22 15:07 - 11556027 _____ C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant.zip
2016-11-22 15:07 - 2016-11-22 15:07 - 00000000 ____D C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 22:19 - 2016-11-15 20:42 - 00000000 ____D C:\Users\OK\AppData\LocalLow\Mozilla
2016-12-16 22:14 - 2012-11-03 07:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-16 08:01 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-16 08:01 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-16 07:47 - 2016-10-06 18:53 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-16 07:39 - 2015-01-20 19:16 - 00000000 __SHD C:\Users\OK\IntelGraphicsProfiles
2016-12-16 07:39 - 2014-09-23 05:04 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2016-12-16 07:39 - 2014-06-17 20:10 - 00078848 _____ C:\Windows\KMSEmulator.exe
2016-12-16 07:39 - 2014-06-17 20:10 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2016-12-16 07:39 - 2014-06-17 20:10 - 00000194 _____ C:\Windows\Tasks\AutoKMS.job
2016-12-16 07:37 - 2016-11-15 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 07:37 - 2013-01-13 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-16 07:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-14 07:14 - 2012-11-03 07:51 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 07:14 - 2012-11-03 07:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 07:14 - 2012-11-03 07:51 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 07:09 - 2014-09-21 09:01 - 00000000 ____D C:\Users\OK\AppData\Local\ElevatedDiagnostics
2016-12-11 13:20 - 2012-11-03 08:17 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-12-10 08:32 - 2010-11-21 10:27 - 00670170 _____ C:\Windows\system32\perfh005.dat
2016-12-10 08:32 - 2010-11-21 10:27 - 00142296 _____ C:\Windows\system32\perfc005.dat
2016-12-10 08:32 - 2009-07-14 06:13 - 01588048 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 08:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-10 08:27 - 2015-07-14 14:29 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00181384 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\SysWOW64\CommonSetting.ini
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\CommonSetting.ini
2016-12-08 05:46 - 2009-07-14 05:45 - 00476912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-07 05:56 - 2012-11-13 17:27 - 00150336 _____ C:\Users\OK\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-04 18:38 - 2012-12-01 19:50 - 00000000 ____D C:\Users\SHARE
2016-11-30 06:39 - 2013-01-20 10:57 - 00000000 ____D C:\Users\OK\KBCertifikat
2016-11-27 20:11 - 2014-03-19 06:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-22 19:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-22 18:43 - 2016-11-11 07:08 - 00000442 _____ C:\Users\OK\Desktop\Router Settings.txt
2016-11-20 13:43 - 2012-11-13 17:27 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-11-17 11:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2015-01-13 16:42 - 2015-01-13 16:38 - 0524288 _____ (Simon Tatham) C:\Program Files (x86)\putty.exe
2012-12-14 19:58 - 2014-05-08 22:48 - 0006144 _____ () C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-14 18:06 - 2016-09-14 18:06 - 0004096 ____H () C:\Users\OK\AppData\Local\keyfile3.drm
2015-01-13 16:48 - 2015-01-13 16:48 - 0000600 _____ () C:\Users\OK\AppData\Local\PUTTY.RND
2013-01-22 20:02 - 2013-01-22 20:02 - 10485760 _____ () C:\ProgramData\WV5DataStore

Some files in TEMP:
====================
C:\Users\OK\AppData\Local\Temp\AcDeltree.exe
C:\Users\OK\AppData\Local\Temp\akt_prog_stavitel_2014.exe
C:\Users\OK\AppData\Local\Temp\cygiconv-2.dll
C:\Users\OK\AppData\Local\Temp\cygintl-8.dll
C:\Users\OK\AppData\Local\Temp\cygwin1.dll
C:\Users\OK\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\OK\AppData\Local\Temp\Deldevice.dll
C:\Users\OK\AppData\Local\Temp\esri32.exe
C:\Users\OK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\OK\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\OK\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\OK\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\OK\AppData\Local\Temp\md5sum.exe
C:\Users\OK\AppData\Local\Temp\ResetDevice.exe
C:\Users\OK\AppData\Local\Temp\sfamcc00001.dll
C:\Users\OK\AppData\Local\Temp\sfextra.dll
C:\Users\OK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\OK\AppData\Local\Temp\un29425.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\OK\Desktop" je 55 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive
"C:\Users\OK\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusAutoRunM200DN
"C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON WorkForce AL-M200DN,hide,\S [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TdmNotify
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:76.13 GB) (Free:3.17 GB) NTFS
Drive d: (Data) (Fixed) (Total:196.77 GB) (Free:154.63 GB) NTFS

Available physical RAM: 1275.28 MB
Total physical RAM: 4000.88 MB
Percentage of memory in use: 68%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 298.1 GB) (Disk ID: FC6B4BA0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=76.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=221.2 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




==================== End Of Log ==============================
Attachments
Addition.rar
(498 bytes) Downloaded 69 times

Endru-x
Visitor
Posts: 40
Joined: 22 Aug 2009 21:39

Re: FRST log check

#2 Post by Endru-x »

AdwCleaner log

# AdwCleaner v6.041 - Log vytvořen 16/12/2016 v 22:46:16
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2016-12-15.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : OK - OK-PC
# Spuštěno z : C:\Users\OK\Desktop\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\slunecnice.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.slunecnice.cz


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1442 Bajty] - [16/12/2016 22:46:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [1909 Bajty] - [16/12/2016 22:45:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1588 Bajty] ##########

Rudy
Site Admin
Posts: 119609
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: FRST log check

#3 Post by Rudy »

Hello!
Was the FRST log taken after the ADW scan, or before it? If it was before, you have to post a new FRST log:
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Endru-x
Visitor
Posts: 40
Joined: 22 Aug 2009 21:39

Re: FRST log check

#4 Post by Endru-x »

Yes, it was -> new FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by OK (administrator) on OK-PC (17-12-2016 15:28:54)
Running from C:\Users\OK\Desktop
Loaded Profiles: OK (Available Profiles: OK)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Acresso Software Inc.) C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Users\OK\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmW.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files (x86)\ESRI\License\arcgis9x\ARCGIS.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(forum.viry.cz) C:\Users\OK\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [736552 2015-05-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4879264 2015-06-12] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LauncherM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2587056 2012-09-13] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [M200DN RUN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [362928 2012-09-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1868472 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAutoRunM200DN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe [4277680 2012-09-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe [2162152 2015-08-06] (Gemfor s.r.o.)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\OK\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\OK\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\Windows\SYSTEM32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-12-08] (Wave Systems Corp.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-11-13]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0CD86CF3-0731-4622-94A0-61643C7E7232}: [NameServer] 93.153.117.33 93.153.117.1
Tcpip\..\Interfaces\{6F27A656-B3C0-4291-9D6B-45BF6A3A8319}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B40E6728-1BED-4D74-98BE-0E0FC1363BDF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C757C2EE-8B36-481F-9C05-5A5B9EC29591}: [NameServer] 93.153.117.33 93.153.117.1

Internet Explorer:
==================
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default [2016-12-17]
FF Homepage: Mozilla\Firefox\Profiles\46vdldxe.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> backup.ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ftp_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> socks_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl", "cache.natur.cuni.cz"
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> ssl_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\46vdldxe.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Seznam lištička) - C:\Users\OK\AppData\Roaming\Mozilla\Firefox\Profiles\46vdldxe.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-12-06]
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1580811761-2930735587-3654941813-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96000 2015-09-25] (Alps Electric Co., Ltd.)
R2 ArcGIS License Manager; C:\Program Files (x86)\ESRI\License\arcgis9x\lmgrd.exe [1431440 2013-01-30] (Acresso Software Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-12-01] (Broadcom Corporation) [File not signed]
R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1246112 2015-06-03] (Intel® Corporation)
R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-10] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-06-15] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [419096 2015-08-25] (Gemfor s.r.o.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [137648 2012-09-13] ()
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-11-25] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [414360 2015-11-25] ()
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2014-01-19] (Broadcom Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-09-15] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-12-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-12-10] (ESET)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [32768 2010-10-08] (Huawei Tech. Co., Ltd.)
S3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [125952 2014-07-25] (Huawei Technologies Co., Ltd.)
S3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [380672 2014-09-30] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-08-04] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2015-09-15] (Duplex Secure Ltd.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
U3 aaevbjd3; C:\Windows\System32\Drivers\aaevbjd3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 15:28 - 2016-12-17 15:28 - 00000000 ____D C:\Users\OK\Desktop\FRST-OlderVersion
2016-12-16 22:44 - 2016-12-16 22:46 - 00000000 ____D C:\AdwCleaner
2016-12-16 22:43 - 2016-12-16 22:43 - 03977168 _____ C:\Users\OK\Desktop\adwcleaner_6.041.exe
2016-12-16 22:37 - 2016-12-16 22:37 - 00000498 _____ C:\Users\OK\Desktop\Addition.rar
2016-12-16 22:29 - 2016-12-17 15:29 - 00027977 _____ C:\Users\OK\Desktop\FRST.txt
2016-12-16 22:27 - 2016-12-17 15:28 - 00000000 ____D C:\FRST
2016-12-16 22:25 - 2016-12-17 15:28 - 02420224 _____ (Farbar) C:\Users\OK\Desktop\FRST64.exe
2016-12-16 08:09 - 2016-12-16 08:09 - 00000000 ____D C:\10db5ab6dfac70bf62
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Users\OK\AppData\Roaming\Jpeg Resampler
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jpeg Resampler 2010
2016-12-11 09:43 - 2016-12-11 09:43 - 00000000 ____D C:\Program Files (x86)\JpegResampler2010
2016-12-08 20:25 - 2016-12-08 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-12-06 08:08 - 2016-12-17 14:58 - 00000000 ____D C:\Users\OK\AppData\Roaming\Seznam.cz
2016-12-06 08:08 - 2016-12-06 08:08 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-12-06 08:07 - 2016-12-06 08:07 - 00001094 _____ C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00001064 _____ C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Users\OK\Documents\My PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\PlotSoft
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-12-06 08:07 - 2016-12-06 08:07 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-11-27 20:12 - 2016-12-13 05:45 - 00000000 ____D C:\Users\OK\AppData\Roaming\hubiC
2016-11-27 20:11 - 2016-11-27 20:11 - 00000973 _____ C:\Users\Public\Desktop\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hubiC.lnk
2016-11-27 20:11 - 2016-11-27 20:11 - 00000000 ____D C:\Program Files\OVH
2016-11-24 06:00 - 2016-12-03 18:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-11-22 15:07 - 2016-11-22 15:07 - 11556027 _____ C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant.zip
2016-11-22 15:07 - 2016-11-22 15:07 - 00000000 ____D C:\Users\OK\Desktop\TL-WR740N_V6_EasySetupAssistant

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 15:14 - 2012-11-03 07:51 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-17 15:11 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-17 15:11 - 2009-07-14 05:45 - 00035040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-17 14:59 - 2016-10-06 18:53 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-17 14:55 - 2016-11-15 20:42 - 00000000 ____D C:\Users\OK\AppData\LocalLow\Mozilla
2016-12-17 14:54 - 2015-01-20 19:16 - 00000000 __SHD C:\Users\OK\IntelGraphicsProfiles
2016-12-17 14:54 - 2014-09-23 05:04 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2016-12-17 14:54 - 2014-06-17 20:10 - 00078848 _____ C:\Windows\KMSEmulator.exe
2016-12-17 14:54 - 2014-06-17 20:10 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2016-12-17 14:54 - 2014-06-17 20:10 - 00000194 _____ C:\Windows\Tasks\AutoKMS.job
2016-12-17 14:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-17 00:13 - 2009-07-14 06:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-16 07:37 - 2016-11-15 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 07:37 - 2013-01-13 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 07:14 - 2012-11-03 07:51 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 07:14 - 2012-11-03 07:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 07:14 - 2012-11-03 07:51 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-14 07:14 - 2012-11-03 07:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 07:09 - 2014-09-21 09:01 - 00000000 ____D C:\Users\OK\AppData\Local\ElevatedDiagnostics
2016-12-11 13:20 - 2012-11-03 08:17 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-12-10 08:32 - 2010-11-21 10:27 - 00670170 _____ C:\Windows\system32\perfh005.dat
2016-12-10 08:32 - 2010-11-21 10:27 - 00142296 _____ C:\Windows\system32\perfc005.dat
2016-12-10 08:32 - 2009-07-14 06:13 - 01588048 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 08:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-12-10 08:27 - 2015-07-14 14:29 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-12-10 08:27 - 2015-07-14 14:29 - 00181384 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\SysWOW64\CommonSetting.ini
2016-12-08 20:22 - 2013-11-06 18:12 - 00003806 _____ C:\Windows\CommonSetting.ini
2016-12-08 05:46 - 2009-07-14 05:45 - 00476912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-07 05:56 - 2012-11-13 17:27 - 00150336 _____ C:\Users\OK\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-04 18:38 - 2012-12-01 19:50 - 00000000 ____D C:\Users\SHARE
2016-11-30 06:39 - 2013-01-20 10:57 - 00000000 ____D C:\Users\OK\KBCertifikat
2016-11-27 20:11 - 2014-03-19 06:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-22 19:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-22 18:43 - 2016-11-11 07:08 - 00000442 _____ C:\Users\OK\Desktop\Router Settings.txt
2016-11-20 13:43 - 2012-11-13 17:27 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-11-17 11:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2015-01-13 16:42 - 2015-01-13 16:38 - 0524288 _____ (Simon Tatham) C:\Program Files (x86)\putty.exe
2012-12-14 19:58 - 2014-05-08 22:48 - 0006144 _____ () C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-14 18:06 - 2016-09-14 18:06 - 0004096 ____H () C:\Users\OK\AppData\Local\keyfile3.drm
2015-01-13 16:48 - 2015-01-13 16:48 - 0000600 _____ () C:\Users\OK\AppData\Local\PUTTY.RND
2013-01-22 20:02 - 2013-01-22 20:02 - 10485760 _____ () C:\ProgramData\WV5DataStore

Some files in TEMP:
====================
C:\Users\OK\AppData\Local\Temp\AcDeltree.exe
C:\Users\OK\AppData\Local\Temp\akt_prog_stavitel_2014.exe
C:\Users\OK\AppData\Local\Temp\cygiconv-2.dll
C:\Users\OK\AppData\Local\Temp\cygintl-8.dll
C:\Users\OK\AppData\Local\Temp\cygwin1.dll
C:\Users\OK\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\OK\AppData\Local\Temp\Deldevice.dll
C:\Users\OK\AppData\Local\Temp\esri32.exe
C:\Users\OK\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\OK\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\OK\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\OK\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\OK\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\OK\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\OK\AppData\Local\Temp\libeay32.dll
C:\Users\OK\AppData\Local\Temp\md5sum.exe
C:\Users\OK\AppData\Local\Temp\msvcr120.dll
C:\Users\OK\AppData\Local\Temp\ResetDevice.exe
C:\Users\OK\AppData\Local\Temp\sfamcc00001.dll
C:\Users\OK\AppData\Local\Temp\sfextra.dll
C:\Users\OK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\OK\AppData\Local\Temp\sqlite3.dll
C:\Users\OK\AppData\Local\Temp\un29425.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\OK\Desktop" je 61 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneDrive
"C:\Users\OK\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusAutoRunM200DN
"C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON WorkForce AL-M200DN,hide,\S [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TdmNotify
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(7.06 KiB) Downloaded 66 times

Rudy
Site Admin
Posts: 119609
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: FRST log check

#5 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 aaevbjd3; C:\Windows\System32\Drivers\aaevbjd3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\KMSEmulator.exe
C:\Windows\System32\Tasks\AutoKMSDaily
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\AutoKMS.job
C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\OK\AppData\Local\Temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe
Task: {76AEB6F2-97DE-4F30-BB8C-086FA175FAA9} - System32\Tasks\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B} => pcalua.exe -a "C:\Users\OK\AppData\Local\Temp\Temp1_W.R3.70Fulllll.zip\WR370F\WinRAR 3.70 CZ.exe" <==== ATTENTION
Task: {BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C} - System32\Tasks\{AD9BE76F-358B-4873-B808-7FF70B3906B3} => pcalua.exe -a "C:\Program Files\rts_stavitel\Rozp.exe" -d "C:\Program Files\rts_stavitel\"
Task: {C223A0DE-2672-4526-A225-C23FA24EB677} - System32\Tasks\{D77159B5-5297-445A-962E-D65ACF747D85} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -c -remove -removeonly

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Endru-x
Visitor
Posts: 40
Joined: 22 Aug 2009 21:39

Re: FRST log check

#6 Post by Endru-x »

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by OK (18-12-2016 11:08:33) Run:1
Running from C:\Users\OK\Desktop
Loaded Profiles: OK (Available Profiles: OK)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d19f54-142c-11e6-a716-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {13d1a02d-142c-11e6-a716-d4bed97a6f29} - F:\Autorun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {39c28af6-5bbf-11e5-9efb-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {9a5f6242-c861-11e3-90da-d4bed97a6f29} - F:\AutoRun.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} - F:\Startme.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {bd26fea1-5bce-11e5-a013-d4bed97a6f29} - F:\Start.exe
HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\...\MountPoints2: {edb1d45c-9758-11e4-8e50-d4bed97a6f29} - F:\autorun.exe
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1580811761-2930735587-3654941813-1000 -> {D928159A-287C-492F-AA0C-4E13E2ECDE4B} URL =
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U3 aaevbjd3; C:\Windows\System32\Drivers\aaevbjd3.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
C:\Windows\KMSEmulator.exe
C:\Windows\System32\Tasks\AutoKMSDaily
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\AutoKMS.job
C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\OK\AppData\Local\Temp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS
C:\Windows\AutoKMS.exe
Task: {76AEB6F2-97DE-4F30-BB8C-086FA175FAA9} - System32\Tasks\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B} => pcalua.exe -a "C:\Users\OK\AppData\Local\Temp\Temp1_W.R3.70Fulllll.zip\WR370F\WinRAR 3.70 CZ.exe" <==== ATTENTION
Task: {BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C} - System32\Tasks\{AD9BE76F-358B-4873-B808-7FF70B3906B3} => pcalua.exe -a "C:\Program Files\rts_stavitel\Rozp.exe" -d "C:\Program Files\rts_stavitel\"
Task: {C223A0DE-2672-4526-A225-C23FA24EB677} - System32\Tasks\{D77159B5-5297-445A-962E-D65ACF747D85} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -c -remove -removeonly

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d19f54-142c-11e6-a716-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{13d19f54-142c-11e6-a716-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13d1a02d-142c-11e6-a716-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{13d1a02d-142c-11e6-a716-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39c28af6-5bbf-11e5-9efb-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{39c28af6-5bbf-11e5-9efb-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a5f6242-c861-11e3-90da-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{9a5f6242-c861-11e3-90da-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{aad8a7bb-0e6b-11e4-ad84-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd26fea1-5bce-11e5-a013-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{bd26fea1-5bce-11e5-a013-d4bed97a6f29} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edb1d45c-9758-11e4-8e50-d4bed97a6f29}" => key removed successfully
HKCR\CLSID\{edb1d45c-9758-11e4-8e50-d4bed97a6f29} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1580811761-2930735587-3654941813-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D928159A-287C-492F-AA0C-4E13E2ECDE4B}" => key removed successfully
HKCR\CLSID\{D928159A-287C-492F-AA0C-4E13E2ECDE4B} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
aaevbjd3 => service removed successfully
C:\Windows\KMSEmulator.exe => moved successfully
C:\Windows\System32\Tasks\AutoKMSDaily => moved successfully
C:\Windows\Tasks\AutoKMSDaily.job => moved successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully
C:\Users\OK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\OK\AppData\Local\Temp" folder move:

Could not move "C:\Users\OK\AppData\Local\Temp" => Scheduled to move on reboot.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoKMS => Error: No automatic fix found for this entry.
C:\Windows\AutoKMS.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76AEB6F2-97DE-4F30-BB8C-086FA175FAA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76AEB6F2-97DE-4F30-BB8C-086FA175FAA9}" => key removed successfully
C:\Windows\System32\Tasks\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F80DA9A2-4213-415E-BDE0-D08FBB42C90B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF6061D4-FE0B-4A7B-B6E9-CC956D34AC5C}" => key removed successfully
C:\Windows\System32\Tasks\{AD9BE76F-358B-4873-B808-7FF70B3906B3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD9BE76F-358B-4873-B808-7FF70B3906B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C223A0DE-2672-4526-A225-C23FA24EB677}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C223A0DE-2672-4526-A225-C23FA24EB677}" => key removed successfully
C:\Windows\System32\Tasks\{D77159B5-5297-445A-962E-D65ACF747D85} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D77159B5-5297-445A-962E-D65ACF747D85}" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80872485 B
Java, Flash, Steam htmlcache => 96211 B
Windows/system/drivers => 4458583598 B
Edge => 0 B
Chrome => 0 B
Firefox => 357173567 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66338 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83565 B
systemprofile32 => 77284 B
LocalService => 16384 B
NetworkService => 539456 B
OK => 1352237363 B

RecycleBin => 4273836290 B
EmptyTemp: => 9.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-12-2016 11:16:13)

C:\Users\OK\AppData\Local\Temp => moved successfully

==== End of Fixlog 11:16:14 ====

Endru-x
Visitor

Re: FRST log check

#7 Post by Endru-x »

For a while it looked like everything was OK, but now the same problem as at the beginning is still showing up: svchost -> CPU 25 %

Rudy
Site Admin

Re: FRST log check

#8 Post by Rudy »

If you have updates turned on, turn them off as a test. Try reinstalling the antivirus.

Endru-x
Visitor

Re: FRST log check

#9 Post by Endru-x »

Done, unfortunately still no change; updates are permanently turned off.

Rudy
Site Admin

Re: FRST log check

#10 Post by Rudy »

Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Endru-x
Visitor

Re: FRST log check

#11 Post by Endru-x »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 19.12.16
Čas skenování: 22:30
Logovací soubor: MBAM.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.791
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: OK-PC\OK

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 441407
Uplynulý čas: 6 min, 10 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin

Re: FRST log check

#12 Post by Rudy »

The log is OK, your PC is completely free of malware. The problem must be caused by some legitimate application that has internet access. Svchost is, after all, a service-hosting process.

Endru-x
Visitor

Re: FRST log check

#13 Post by Endru-x »

Many thanks for the help; the solution to my problem will apparently be here: http://kverulant.s.cz/win-update.html

Rudy
Site Admin

Re: FRST log check

#14 Post by Rudy »

But I did ask you about the updates and you claimed they were turned off. Never mind, it is entirely up to you where you get help. You're welcome.